20. Leveraging Forensic Accountants

During the past decade, the use of monitorships has matured considerably, with an increasing number of regulators and enforcement entities implementing this form of remediation. Jurisdictions outside the United States have moved beyond nurturing an interest in monitorships to formally legislating their application in settlement negotiations. It was once more common for monitorships to stem from investigations into alleged bribery and corruption; today, regulators impose monitorships in response to a variety of organisational misconduct across a breadth of industries. Monitors have been installed, for example, to oversee and assess conduct in:

  • police departments (focusing on cultural change);
  • automotive industry (assessing controls around research and development, and emissions testing);
  • financial institutions (testing anti-money laundering and sanctions-related compliance programmes); and
  • public accounting and auditing firms (overseeing quality control and cultural improvements).

As the scope of monitorships has evolved, so has the role of forensic accountants in these situations. Chartered accountants, certified fraud examiners, anti-money laundering specialists, data specialists and analysts, and industry-specific experts within forensic accounting firms (forensic firms) marry complementary expertise in anti-corruption, anti-money laundering, sanctions and counter-terrorism financing investigations, compliance programme design, review and testing, process review and internal controls testing, audit negligence assessments, disgorgement and the ability to pay calculations.

Forensic firms may serve in a number of capacities on monitorships. A firm may take on the role of monitor if a monitorship requires subject-matter expertise that sits within a forensic accounting firm. Forensic advisers may also support a company during its monitorship by helping the company proactively understand and respond to key issues since companies often find themselves overwhelmed by the burden on time, resources and understanding how to prepare for a monitor. Finally, a forensic firm may also collaborate with the monitor to provide support in specific areas in line with the firm’s areas of expertise. This role varies based on the nature of the monitorship, the mandate of the regulator, the terms of the settlement agreement and the level of sophistication or maturity of the company’s compliance programme.

This chapter primarily focuses on how forensic firms support a monitor or company through the monitorship process.

Leveraging forensic accountants and forensic data analytics

Forensic firms leverage closely integrated teams of forensic accountants, consultants and forensic data analysis specialists and use their unique blend of skills and expertise to facilitate the evaluation of historical conduct and necessary remediation efforts. This section describes how companies operating under a monitorship can leverage forensic firms to supplement their teams. Many of these areas also parallel situations in which forensic firms can prove invaluable to a monitor.

Complementing expertise and resources for companies under monitorship

A company preparing for a monitorship should consider whether company personnel possess sufficient resources and skills to meet the requirements of a monitorship. If the company lacks expertise or resources, forensic firms can provide critical support to help fill these gaps and better position the company to meet the requirements for monitor certification as quickly as possible.

When the forensic firm has expertise in the underlying subject matter of the monitorship, the firm can operate as an adviser and provide guidance to the company in key areas. Forensic firms are experts in triaging a company’s controls landscape, performing baseline risk assessments, understanding a company’s systems and monitoring capabilities, and developing action plans to address critical issues.

In preparing for a monitorship, companies should assess their ability to perform the various project management and information-gathering activities associated with a monitorship, as this is critical to successful completion. Companies often lack the required processes for gathering and delivering requested documents as this is not part of the company’s standard operating procedures. This can delay the monitor’s ability to assess remediation efforts. If the monitor cannot obtain evidence of the enhancements in a timely manner, a company could find itself in the costly position of a monitorship extension. Reputable forensic firms possess project management experience in sensitive, time-critical situations and have an understanding of the information needed to satisfy monitor requests. Therefore, they can take on or help to support the company with satisfying many of the imminent requirements once a company enters a monitorship.

Companies should also assess whether they have sufficient capacity to take on remediation projects that monitorships often require, such as implementing action plans, providing training, and developing new policies and procedures. Forensic firm resources can temporarily alleviate the burden on the company’s employees who are responsible for performing their daily job responsibilities. For example, a financial institution may consider retaining the forensic firm to assist with a backlog of ‘know your customer’ onboarding forms.

Navigating systems and data management

Global companies often have myriad data sources and systems, and navigating these systems to extract required information can prove challenging even in a business as usual setting. The information technology (IT) systems landscape becomes increasingly complicated for companies that have expanded through acquisitions or maintain different systems in different locations. Under the short turnaround times usually dictated by a monitorship, collecting the right data becomes even more difficult and taxing on the company. When handed a request for information (such as a list of global clients), companies often have a hard time figuring out how to pull the required data from the various systems. When a forensic firm supports the company, forensic advisers help to avoid potential pain points in the data collection process, navigate data collection and validation challenges, and work with the monitor to ensure requests are specific, targeted and formulated in a way that will make sense to a company’s IT team.

Forensic employees possess technical skills that are valuable in assessing the technical and systems environment and ensure it has the appropriate capability to support the operational and compliance functions within the company. Expertise in systems implementation and integration, data transfer and data governance is necessary not only to ensure accurate assessments but also to provide the necessary insight to remediate issues or gaps. These assessments can help to evaluate controls embedded within systems and the governance around systems implementation efforts.

Understanding historical misconduct and designing recommendations

Forensic firms can serve a critical role in helping a company understand what went wrong historically to ensure remedial actions are constructed in a manner that will address the root cause of prior issues. During the initial planning phase, it is important that a company conduct a thorough risk assessment and identify risks relevant to the monitorship (e.g., geographically, by customer type or by business unit). A forensic firm experienced in these assessments will be adept in identifying risks through a combination of analytics, targeted review of documents, interviews and control testing.

Control testing during the initial assessment will deliver examples of what is actually happening in practice, help to pinpoint existing or remaining risk areas, and identify isolated and systemic issues. Forensic firms can then draw on experience in other matters to assess which risks within the company are the most critical for the company to remediate, given the historical concerns underlying the settlement agreement.

Developing, executing and testing remediation plans

In following the monitor’s recommendations, the company will need to develop, execute, test and communicate its remediation plans, as well as train its employees. A forensic firm may help the company to interpret the monitor’s recommendations and support the company’s remediation plans. Developing a remediation plan will often require a holistic evaluation of a company’s control environment. Forensic firms can assess whether controls are appropriately designed and operating effectively.

Execution of a monitor’s recommendations often require enhancements to – or even replacement of – the key financial, accounting and operational systems. A forensic firm with systems-related expertise can help to evaluate the company’s IT, including determining whether systems are fit for purpose, and assist the company with any necessary enhancements or implementations.

Transaction testing many times is critical to assess remediation efforts and control effectiveness. Forensic firms perform testing to evaluate whether transactions are in accordance with the company’s policies and procedures, supported by a reasonable business rationale and appropriately documented and reported. Aiding in this testing are forensic analytics specialists who help to identify suspicious transactions or those not aligned with company policy. These specialists develop sophisticated algorithms to process large volumes of data quickly, extract key observations and create the necessary transparency to understand the effectiveness of remediation steps.

Finally, depending on the monitorship’s established reporting cadence, a company may not receive feedback from the monitor except at predefined intervals – sometimes even as infrequently as once per year. Forensic firms can use proactive testing to provide transparency in remediation efforts in a timely manner and, therefore, mitigate the risk that the company receives critical feedback without enough time to address potential shortcomings.

Supplementing the expertise of the monitor team

Monitors can benefit from supplementing their team with the experience and expertise a forensic firm provides, especially in matters relating to accounting, finance and the review of internal controls. Many of the ways forensic firms support monitors are quite similar to the themes described above and therefore are not detailed here. Forensic firms can provide support for reporting, project management, performing baseline risk assessments and testing remediation efforts. Monitors are also well served by leveraging forensic firms’ expertise in navigating complex data environments.

A monitor may also wish to have the forensic firm assess specific areas of a business. For example, a forensic firm is well-equipped to assess the adequacy of a company’s internal audit, investigations, compliance monitoring, data analytics and accounting functions. Specifically for internal audit, forensic professionals can provide guidance on improving the level and type of documentation incorporated into work papers, ensure audit work programmes capture relevant regulatory risks, deliver reporting that clearly articulates key observations and perform periodic root cause analysis to remediate audit findings. Similarly, an inexperienced internal investigations team could benefit from receiving feedback on how forensic firms conduct an investigation into a hotline complaint regarding alleged misconduct (i.e., a shadow investigation). Finally, forensic firms can provide useful guidance on developing insightful surveillance and monitoring of key risk areas within the company.

Partnering with the right forensic firm

Since every monitorship is different, it is important to consider the nature, complexity and subject matter of the assignment at hand when evaluating forensic firms. The paragraphs below describe factors for consideration when evaluating which forensic firm to engage.

  • Industry and subject-matter expertise: Prior experience in the subject matter and the industry of the monitorship are both important considerations when selecting a forensic firm. For example, the analysis required during a monitorship into bribery and corruption concerns will involve different skill sets and experience from a monitorship regarding environmental matters. A monitor should also consider how the experience and credentials of the forensic firm’s expertise will complement the monitor’s own team.
  • Experience and credibility with regulators: Many forensic firms have significant experience of working with certain regulators, and some even hire professionals who have worked for a regulator in the past. A company or monitor can gain insight into understanding the regulator’s expectations and anticipate potential areas of regulator concern by engaging a forensic firm that has a proven track record with a specific regulator (e.g., the US Department of Justice (US DOJ), the US Securities and Exchange Commission (US SEC) and the Environmental Protection Agency (EPA)).
  • Systems and data management expertise: In cross-border and multi-jurisdictional engagements, it is inevitable that there will be data privacy and management hurdles to address while ensuring that data collected, reviewed and analysed supports the overall goal of the monitorship. The EU General Data Protection Regulation (GDPR), which was enacted in May 2018, further compounds data management challenges within monitorships where relevant data resides in the European Union. Forensic firms should not only have the experience in dealing with these constraints but should also be able to apply sophisticated protocols that allow the monitor team access to the information it needs in a compliant fashion.
  • Global experience: It is also important to consider global experience when evaluating potential forensic firms. A forensic firm with global experience is likely to have diverse language skills, experience of working in multiple regions and a more sophisticated understanding of potentially applicable regulations. A global firm is also likely to be more sensitive to cultural differences that can arise while working in foreign jurisdictions. It is important to understand whether the forensic firm has sufficient expertise in-house, will have to use personnel from other locations, or will retain external contractors to bolster head count or specific language or technical expertise.
  • Independence: Like law firms, forensic firms need to ensure they do not accept work on matters that would present a conflict of interest to the potential client or any existing conflicts. The types of conflicts that may arise – and how a forensic firm perceives them – varies based on the size and specific policies of the firm. A forensic practice that is part of a large audit firm, for example, is likely to have more conflicts than a stand-alone practice.

Practical examples of forensic accountants in monitorships

As noted at the beginning of this chapter, the use of monitorships has matured considerably and regulators are imposing monitorships in response to a variety of organisational misconduct across a breadth of industries. In this new environment, forensic firms still have a fundamental role as the underlying purpose of monitorships still remains the same. The next section includes examples on how forensic firms provide assistance in anti-money laundering (AML) and sanctions, US Foreign Corrupt Practices Act (FCPA), audit malpractice, and environmental regulatory and fraud monitorships.

AML and sanctions

Forensic firms with multi-jurisdictional experience in the financial services industry and sophisticated forensic data analytics bring value to AML and sanctions monitorships that typically focus on analysing large volumes of data to detect potentially suspicious transactions or sanctions circumventions, and the company’s transaction monitoring processes, to identify potentially nefarious activity.

Financial institutions’ global compliance and business operations often rely on disparate systems that have evolved over time in response to business needs and regulatory requirements. This frequently presents a unique challenge for monitors that is exacerbated by legacy systems and technology. To assess compliance with multi-jurisdictional regulations, forensic firms use specialist tools and forensic data analytics to consolidate large volumes of data from multiple systems into one platform, isolate anomalies and identify connections between accounts or transactions that are indicative of money laundering. Routines can identify simple AML and sanctions risk (e.g., senders or recipients on exclusion lists or entities operating in known tax haven countries) but can also be designed to identify activity intended to evade regulatory controls. For example, more sophisticated routines may detect customers that frequently transfer money below thresholds to the same beneficial owner, flag recipients that present multiple indicia characteristic of shell companies, or recognise subsequent transaction patterns intended to mask the true nature of the transfer activity. Institution-wide data profiling may highlight business units or geographies where suspicious activity systematically went unnoticed, thus identifying process deficiencies as well as trends arising from market-specific risks. Finally, more sophisticated forensic analytics firms now use machine learning and artificial intelligence algorithms to find anomalous transactions and reduce false positives.

In economic-related and trade sanction-related monitorships, forensic firms leverage sophisticated forensic data analytics and previous experiences to identify transaction patterns that indicate potential sanctions circumvention. Forensic accountants can match specific terms to SWIFT[2] messages with higher sanctions risks and use electronic elimination to reduce false positives. Additionally, a monitor may rely on forensic firms during the sample selection process to trace payments or receipts of funds and identify corresponding customer or vendor invoices. For example, forensic firms have analysed sales and accounting data to identify inter-company transactions used to circumvent controls and facilitate sales to customers based in sanctioned countries. This allows the monitor to target transactions with a higher risk profile or pattern that evaded the interdiction software and to test interdicted transactions for compliance. For example, incoming funds from a recently onboarded customer can be traced back to specialist products or similar sales orders sold to previously blacklisted customers.

Forensic tools can be leveraged to analyse and consider structured (e.g., payment data) and unstructured data (e.g., emails, chat room data or voice recordings) from various sources. During the sample selection process, a monitor will typically review transactional data to identify suspicious transactions for further review. Forensic firms can offer alternative approaches that provide additional intelligence. For example, a monitor could first gather information from unstructured data about potential sales opportunities. Then, the information (e.g., entity or contact information) is used to inform the customer relationship management and enterprise risk planning data review process and allow the monitor to determine whether the sale materialised after the initial sales communication.

Forensic data specialists also perform network analyses to identify multi-layer relationships between entities (e.g., distributors) or understand a customer’s ownership structure. For example, a customer’s parent company may be based in a low-risk country but a subsidiary conducting business with the bank is located in a high-risk country.


US regulators frequently use compliance monitorships as an enforcement tool in corporate criminal proceedings when settling FCPA violations. FCPA monitorships often emphasise a robust, sustainable compliance department that exercises sufficient monitoring and oversight. A forensic firm with significant FCPA experience is skilled at advising companies on best practices in detecting and preventing bribes from being paid and implementing processes to encourage transparent books and records. A forensic firm brings this expertise to an FCPA monitorship by designing work steps that zero in on the business areas, activities and geographies with the highest bribery and corruption risk profile.

Companies may use third-party intermediaries to conceal bribes to foreign officials. Improper payments are rarely recorded as bribes in a company’s books and records and are frequently disguised as commissions, consulting fees and miscellaneous expenses. Employees go to great lengths to conceal bribes made to foreign officials, and forensic accountants experienced in FCPA matters and forensic data analytics can identify books and records violations. Through thoughtful analytics and insightful visualisations fuelled by previous experience, forensic accountants can identify anomalies in third-party activity by analysing trends (e.g., unusual spikes in sales), volume of activity (e.g., number and monetary value of payments) and activity by location (e.g., high-risk transaction types occurring in higher-risk jurisdictions). Forensic accountants can perform further analysis to identify activity indicative of improper payments or inaccurate books and records. For example, forensic accountants may identify significant payments to regions outside a company’s normal areas of operations (i.e., countries not identified in the vendor or customer master file), or unusual patterns of payments that do not make sense (e.g., a large volume of payments recorded with a vague description, such as ‘consulting fees’)

In addition to payments made through intermediaries, companies may also use gifts and other means of hospitality to influence foreign officials. Forensic firms can analyse sales opportunities and travel and entertainment information to identify amounts that have been reported across various entities and payment methods in an effort to evade controls designed to limit the value and frequency of gifts and hospitality. Companies may attempt to further conceal their use of third-party intermediaries by adding individuals or entities as employees rather than vendors, circumventing the vendor onboarding process all together. Forensic accountants can analyse employee master files and payroll activity to identify payments to ghost employees or bogus bonus payments.

Audit malpractice

The Public Company Accounting Oversight Board (PCAOB) establishes auditing and related professional standards for registered public accounting firms and may impose an independent monitor when an accounting firm violates these rules and standards. PCAOB monitor or independent consultant candidates are required to have substantial accounting and auditing experience and qualifications. The United Kingdom’s Financial Reporting Council and other regulators are expected to adopt similar requirements in the future.

Forensic firms often have team members with deep public accounting and audit experience, and as such are familiar with PCAOB auditing standards and can provide expert assessments of an accounting firm’s compliance with regulatory requirements. PCAOB settlements may require an accounting firm to make updates to its policies and procedures to improve quality control in areas where misconduct has occurred historically. For example, a forensic firm may need to assess an accounting firm’s ethics reporting and whistleblower hotlines, engagement quality review process, internal consultation with subject-matter experts or promotion of an ethical culture through management’s tone at the top. Forensic accountants apply a risk-based approach to the scope of their review considering the nature of the PCAOB’s enforcement, scope of remediation and risks specific to the accounting firm’s local market.

A forensic accountant’s approach to assessing an accounting firm’s compliance with the regulatory requirements may include a detailed review of policies and procedures, interviews with accounting firm personnel and process-level tests of the design, implementation and operational effectiveness of internal controls surrounding its quality control system and compliance with PCAOB auditing standards.

Environmental regulatory and fraud

For companies operating in the energy and environment space, there are several types of monitorships that may come into play in the wake of an environmental incident or environmental fraud: monitorships imposed by US (or other) court order; monitorships as part of an agreement with a US government agency (DOJ, SEC, EPA); and World Bank monitorships in which World Bank funding is involved. To address the level of technical complexity inherent in these monitorships and include testing for compliance with a broad range of environmental statutes, in addition to counsel and technical industry experts, forensic accountants and data analysts are helpful in assessing control design (where embedded in systems), analysing reporting and systems output, and assessing change management around software and algorithm development. Further, a team of forensic accountants experienced in addressing stringent confidentiality and trade secret issues, particularly in non-US jurisdictions where the GDPR may also come into play, may help with designing protocols for review of sensitive data in an anonymised but auditable fashion.


As highlighted herein, forensic firms draw on multi-jurisdictional experience, an understanding of regulatory issues and investigations skills to perform risk-based analyses, controls testing, data analytics, risk assessments and review of a multitude of compliance programmes (e.g., corporate and social responsibility, human rights, product liability, sanctions, anti-bribery and corruption, anti-money laundering and counter-terrorism financing, and taxation). When properly leveraged throughout the life of the monitorship, these skill sets are invaluable to monitors and companies under monitorship alike.


1 Frances McLeod is a founding partner, Emma Hodges, Neil Goradia and Jenna Voss are partners, and Samantha Hsu is a director at Forensic Risk Alliance. The authors acknowledge the contributions of associate directors Sarah Goessler and Ashley Esponda to this chapter.

2 Society for Worldwide Interbank Financial Telecommunication.

Get unlimited access to all Global Investigations Review content