The Role of Forensic Firms in Monitorships

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

Global use of monitorships has increased significantly during the past decade and recent developments across the enforcement landscape indicate that we can expect the use of independent monitors to remain an important enforcement tool in multiple jurisdictions. Ranging from court-appointed monitorships to quasi-monitorships, the use of corporate monitors is prominent in the US government’s enforcement regime, and is featuring increasingly in United Kingdom and European regulatory prosecutions as well.

Historically stemming primarily from investigations into alleged bribery and corruption, regulators are now imposing monitorships in response to a variety of organisational misconduct across a breadth of industries. Monitors have been installed, for example, to oversee and assess conduct in:

  • police departments (focusing on cultural change);
  • the automotive industry (assessing controls around research and development, and regulatory compliance, such as safety and emissions standards);
  • financial institutions (testing anti-money laundering and sanctions-related compliance programmes); and
  • public accounting and auditing firms (overseeing quality control and cultural improvements).

As the scope of monitorships has evolved, so has the role of forensic accountants in these engagements. Chartered and certified public accountants, certified fraud examiners, anti-money laundering specialists, data specialists and analysts (including data privacy and cybersecurity experts), and industry-specific experts within forensic accounting firms (forensic firms) marry complementary expertise in anti-corruption, anti-money laundering, sanctions and counter-terrorism financing investigations, data governance and analysis, compliance programme design, review and testing, process review and internal controls testing, audit negligence assessments, disgorgement and the ability to pay calculations.

Forensic firms serve in a number of capacities on monitorships, depending on the nature of the monitorship, the regulator’s mandate, the terms of the settlement agreement and the level of sophistication or maturity of the company’s compliance programme. A firm may take on the role of monitor if a monitorship requires subject-matter expertise that sits within a forensic accounting firm. Forensic advisers may also support a company during its monitorship by helping the company proactively understand and respond to key issues since companies often find themselves overwhelmed by the preparation, remediation and the burden on time and resources that monitorships often require. Finally, a forensic firm may also collaborate with the monitor to provide support in specific areas in line with the forensic firm’s areas of expertise.

This chapter primarily focuses on how forensic firms support a monitor or company through the monitorship process.

Leveraging forensic accountants and forensic data analytics

Forensic firms leverage closely integrated teams with varied yet complementary expertise, and use their unique blend of skills and expertise to facilitate the evaluation of historical conduct and necessary remediation efforts. This section describes how companies operating under a monitorship can leverage forensic firms to supplement their teams. Many of these areas also parallel situations in which forensic firms can prove invaluable to a monitor.

Complementary expertise and resources for companies under monitorship

Forensic firms are experts in triaging a company’s controls landscape, performing baseline risk and compliance programme assessments, understanding a company’s systems and monitoring capabilities, identifying and collecting relevant data, and developing action plans to address critical issues. A forensic firm can act as an adviser and provide guidance to the company in these important areas, especially if the company does not have a mature compliance programme.

A company preparing for a monitorship should also consider whether its personnel possess sufficient resources and skills to meet the requirements of a monitorship, including the inevitable associated project management and information-gathering activities associated with a monitorship, as this is critical to successful completion. Companies often lack the required processes for gathering and delivering requested documents as this is not part of their standard operating procedures. If the monitor cannot obtain evidence of the enhancements in a timely manner, a company could find itself in the costly position of a delays or even an extension of the monitorship period. Reputable forensic firms possess project management experience in sensitive, time-critical situations and have an understanding of the information needed to satisfy monitor requests and regulatory expectations. Therefore, they can take on or help to support the company with satisfying many of the imminent requirements once a company enters a monitorship.

Monitorships also often require resource-intensive remediation projects and companies must consider whether they have sufficient capacity to design and implement action plans, train staff and develop policies and procedures as required to achieve certification. Forensic firm resources can temporarily alleviate the burden on the company’s employees who are also responsible for carrying out their daily job responsibilities. For example, a financial institution may consider retaining a forensic firm to assist with a backlog of ‘know your customer’ onboarding forms.

Navigating international monitorships and data management

The global nature of businesses today frequently results in transnational operations. As such, investigations and convictions often involve misconduct that has occurred abroad. For example, European companies that engage in wrongdoing in the United States can be prosecuted by US regulators, such as the US Department of Justice (US DOJ), who may require a foreign independent monitor as part of a settlement agreement.

The cross-border nature of these monitorships presents additional complexities. Importantly, these matters require the monitor team to possess appropriate language skills, local knowledge and in-country experience to facilitate the navigation of communication barriers, local regulatory requirements and sensitive cultural differences.

There are other critical challenges in respect of different data protection regimes. Information that a monitor commonly requests (such as a list of company employees) is often considered sensitive data under local regulations, such as Regulation (EU) 2016/679 (the General Data Protection Regulation (GDPR)), enacted in the European Union in May 2018. As such, the data protection requirements of local jurisdictions can hinder the process of collecting, storing and ultimately reviewing company data.

A forensic firm that possesses appropriate data governance capabilities – including adequate infrastructure, staff and knowledge in key jurisdictions – can provide the necessary expertise to navigate any data privacy restrictions and impediments to data transfers brought about by local regulations. It is critical to establish data transfer protocols that enable companies to respond to monitor and regulator requests in a manner that is not only timely but also compliant with local legislation.

Global companies also often have myriad data sources and systems, and navigating information technology (IT) systems to extract required information can prove challenging, even in a business-as-usual setting. The IT landscape is especially complicated for companies that have expanded through acquisitions or maintain disparate systems in different locations. When handed a request for aggregate information (such as a list of global clients), companies often have a hard time compiling the required data from the various systems under the deadlines and pressure of a monitorship. A forensic firm can help a company lessen potential pain points in the data collection process, navigate data collection and validation challenges, and work with the monitor to ensure requests are specific, targeted and formulated in a way that will make sense to a company’s IT team.

Understanding historical misconduct and designing recommendations

A company’s history of misconduct is important when determining the terms of a settlement agreement, and having a clear understanding of the events and decisions that preceded the misconduct is crucial for the company to take appropriate action. Forensic firms can serve a critical role in reviewing company records (which often include large sets of data) to help a company understand what went wrong historically and to ensure it designs and implements remedial actions in a manner that will not only address the root cause of prior issues but also enable continuous monitoring. During the initial planning phase, it is important for a company to conduct a thorough risk assessment and identify risks relevant to the monitorship (e.g., geographically, by customer type or by business unit). A forensic firm experienced in these assessments will be adept in identifying risks through a combination of data analytics, targeted review of documents, interviews and control testing.

Control testing during the initial assessment will also deliver examples of what is actually happening in practice, help to pinpoint existing or remaining risk areas, and identify isolated and systemic issues. Forensic firms can then draw on experience in other matters to assess which risks within the company are the most critical for the company to remediate, given the historical concerns underlying the settlement agreement.

Developing, executing and testing remediation plans

Ensuring that a remediation plan is designed with a view to post-monitorship sustainability and continuous self-monitoring is crucial to guarantee both the robustness of the company’s compliance programme and the success of the monitorship. The company will need to develop, execute, test and communicate its remediation plans, as well as train its employees and develop appropriate guidance in response to the monitor’s recommendations. A forensic firm may help the company to interpret these recommendations and support the company’s remediation plans. Developing a remediation plan will often require a holistic evaluation of a company’s control environment, which can benefit from a forensic firm’s assessment of whether controls are appropriately designed and operating effectively.

Execution of a monitor’s recommendations often require enhancements to – or even replacement of – the key financial, accounting and operational systems. A forensic firm with systems-related expertise can help to evaluate a company’s technical and systems environment, including ensuring that it has the appropriate capability to support the operational and compliance functions within the company. Expertise in systems implementation and integration, data transfer and data governance is necessary to ensure accurate assessments, provide the necessary insight to remediate issues or gaps, and enable effective self-monitoring. These assessments can help to evaluate controls embedded within systems and the governance around systems implementation efforts.

Transaction testing is often critical to assess remediation efforts and control effectiveness. Forensic firms perform multiple iterations of testing to evaluate whether transactions are consistently in accordance with the company’s policies and procedures, supported by a reasonable business rationale and appropriately documented and reported. Aiding in this testing are forensic analytics specialists, who help to identify suspicious transactions or those not aligned with company policy. These specialists develop sophisticated algorithms to process large volumes of data quickly, extract key observations and create the necessary transparency to understand the effectiveness of remediation steps.

Finally, depending on the monitorship’s established reporting cadence, a company may not receive feedback from the monitor except at predefined intervals, sometimes even as infrequently as once per year. Forensic firms can use proactive testing to provide transparency in remediation efforts in a timely manner and, therefore, mitigate the risk that the company receives critical feedback without sufficient time to address potential shortcomings.

Supplementing the expertise of the monitor team

Monitors can benefit from supplementing their team with the experience and expertise a forensic firm provides, especially in accounting and finance matters and the review of internal controls. Many of the ways forensic firms support monitors are quite similar to the themes described above and, therefore, are not detailed here. Forensic firms can provide support for reporting, project management, performing baseline risk assessments and testing remediation efforts. Monitors are also well served by leveraging forensic firms’ expertise in navigating complex data environments.

A monitor may also want the forensic firm to assess specific areas of a business. For example, a forensic firm is well equipped to assess the adequacy of a company’s internal audit, investigations, compliance monitoring, data analytics and accounting functions. Specifically for internal audit, forensic professionals can provide guidance on improving the level and type of documentation incorporated into work papers, ensure audit work programmes capture relevant regulatory risks, deliver reporting that clearly articulates key observations and perform periodic root cause analysis to remediate audit findings. Similarly, an inexperienced internal investigations team could benefit from receiving feedback on how forensic firms conduct an investigation into a hotline complaint regarding alleged misconduct. Finally, forensic firms can provide useful guidance on developing insightful continuous surveillance and monitoring of key risk areas within the company.

Partnering with the right forensic firm

Since every monitorship is different, it is important to consider the nature, complexity and subject matter of the assignment at hand when evaluating forensic firms. The paragraphs below describe factors for consideration when considering which forensic firm to engage.

  • Industry and subject-matter expertise: Prior experience in the subject matter and the industry of the monitorship are both important considerations when selecting a forensic firm. For example, the analysis required for monitoring bribery and corruption concerns will involve different skill sets and experience from a monitorship regarding environmental matters. A monitor should also consider how the experience and credentials of the forensic firm’s expertise will complement the monitor’s own team.
  • Experience and credibility with regulators: Many forensic firms have significant experience of working with certain regulators, and some even hire professionals who have worked for a regulator in the past. A company or monitor can gain insight into understanding the regulator’s expectations and anticipate potential areas of regulatory concern by engaging a forensic firm that has a proven track record with a specific regulator (e.g., the US DOJ, the US Securities and Exchange Commission (SEC) and the Environmental Protection Agency (EPA)).
  • Systems and data management expertise: In cross-border and multi-jurisdictional engagements, it is inevitable that there will be data privacy and management hurdles to address while ensuring that data collected, reviewed and analysed supports the overall goal of the monitorship. For instance, the GDPR further compounds data management challenges within monitorships where relevant data resides in the European Union. Forensic firms should not only have the experience in dealing with these constraints but should also be able to apply sophisticated protocols that allow the monitor team access to the information it needs in a compliant fashion.
  • Global experience: It is also important to consider global experience when evaluating potential forensic firms. A forensic firm with global experience is likely to have diverse language skills, experience of working in multiple regions and a more sophisticated understanding of potentially applicable regulations. A global firm is also likely to be more sensitive to cultural differences that can arise while working in foreign jurisdictions. It is important to understand whether the forensic firm has sufficient expertise in-house, will have to use personnel from other locations, or will retain external contractors to bolster head count or to meet specific language or technical expertise requirements.
  • Independence: Like law firms, forensic firms need to ensure they do not accept work on matters that would present a conflict of interest to the potential client or any existing conflicts. The types of conflicts that may arise – and how a forensic firm perceives them – will vary depending on the size and specific policies of the firm. A forensic practice that is part of a large audit firm, for example, is likely to have more conflicts than a stand-alone practice.

Practical examples of forensic accountants in monitorships

As noted at the beginning of this chapter, the use of monitorships has matured considerably and regulators are imposing monitorships in response to a variety of organisational misconduct across a breadth of industries. In this new environment, forensic firms still have a fundamental role as the underlying purpose of monitorships still remains the same. The following subsections include examples of how forensic firms provide assistance in anti-money laundering (AML) and sanctions, US Foreign Corrupt Practices Act (FCPA), audit malpractice, and environmental regulatory and fraud monitorships.

AML and sanctions

Forensic firms with multi-jurisdictional experience in the financial services industry and sophisticated forensic data analytics bring value to AML and sanctions monitorships that typically focus on analysing large volumes of data to detect potentially suspicious transactions or sanctions circumventions, and a company’s transaction monitoring processes, to identify potentially nefarious activity.

Financial institutions’ global compliance and business operations often rely on disparate systems that have evolved over time in response to business needs and regulatory requirements. This frequently presents a unique challenge for monitors that is exacerbated by legacy systems and technology. To assess compliance with multi-jurisdictional regulations, forensic firms use specialist tools and forensic data analytics to consolidate large volumes of data from multiple systems into one platform, isolate anomalies and identify connections between accounts or transactions that are indicative of money laundering. Routines can identify simple AML and sanctions risk (e.g., senders or recipients on exclusion lists or entities operating in known tax haven countries) but can also be designed to identify activity intended to evade regulatory controls. For example, more sophisticated routines may detect customers that frequently transfer money below thresholds to the same beneficial owner, flag recipients that present multiple indicia characteristic of shell companies, or recognise subsequent transaction patterns intended to mask the true nature of the transfer activity. Institution-wide data profiling may highlight business units or geographies where suspicious activity systematically went unnoticed, thus identifying process deficiencies as well as trends arising from market-specific risks. Finally, more sophisticated forensic analytics firms now use machine learning and artificial intelligence algorithms to find anomalous transactions and reduce false positives.

In economic-related and trade sanction-related monitorships, forensic firms leverage sophisticated forensic data analytics and previous experiences to identify transaction patterns that indicate potential sanctions circumvention. Forensic accountants can match specific terms to SWIFT[2] messages with higher sanctions risks and use electronic elimination to reduce false positives. Additionally, a monitor may rely on forensic firms during the sample selection process to trace payments or receipts of funds and identify corresponding customer or vendor invoices. For example, forensic firms have analysed sales and accounting data to identify inter-company transactions used to circumvent controls and facilitate sales to customers based in sanctioned countries. This allows the monitor to target transactions with a higher risk profile or pattern that evaded the interdiction software and to test interdicted transactions for compliance. For example, incoming funds from a recently onboarded customer can be traced back to specialist products or similar sales orders sold to previously blacklisted customers.

Forensic tools can be leveraged to analyse and consider structured (e.g., payment data) and unstructured data (e.g., emails, chat room data or voice recordings) from various sources. During the sample selection process, a monitor will typically review transactional data to identify suspicious transactions for further review. Forensic firms can offer alternative approaches that provide additional intelligence. For example, a monitor could first gather information from unstructured data about potential sales opportunities. Then, the information (e.g., entity or contact information) is used to inform the customer relationship management and enterprise risk planning data review process and allow the monitor to determine whether the sale materialised after the initial sales communication.

Forensic data specialists also perform network analyses to identify multi-layer relationships between entities (e.g., distributors) or to understand the ownership structure of a financial institution’s customer. For example, a customer’s parent company may be based in a low-risk country but a subsidiary conducting business with the financial institution is located in a high-risk country.


US regulators frequently use compliance monitorships as an enforcement tool in corporate criminal proceedings when settling FCPA violations. FCPA monitorships often emphasise a robust, sustainable compliance department that exercises sufficient monitoring and oversight. A forensic firm with significant FCPA experience is skilled at advising companies on best practices for detecting bribes and preventing bribes from being paid and implementing processes to encourage transparent books and records. A forensic firm brings this expertise to an FCPA monitorship by designing work steps that zero in on the business areas, activities and geographies with the highest bribery and corruption risk profile.

Companies may use third-party intermediaries to conceal bribes to foreign officials. Improper payments are rarely recorded as bribes in a company’s books and records and are frequently disguised as commissions, consulting fees and miscellaneous expenses. Employees go to great lengths to conceal bribes made to foreign officials, and forensic accountants experienced in FCPA matters and forensic data analytics can identify book and record violations. Through thoughtful analytics and insightful visualisations fuelled by previous experience, forensic accountants can identify anomalies in third-party activity by analysing trends (e.g., unusual spikes in sales), volume of activity (e.g., number and monetary value of payments) and activity by location (e.g., high-risk transaction types occurring in higher-risk jurisdictions). Forensic accountants can perform further analysis to identify activity indicative of improper payments or inaccurate books and records. For example, forensic accountants may identify significant payments to regions outside a company’s normal areas of operations (e.g., countries not identified in the vendor or customer master file), or unusual patterns of payments that do not make sense (e.g., a large volume of payments recorded with a vague description, such as ‘consulting fees’).

In addition to payments made through intermediaries, companies may also use gifts and other means of hospitality to influence foreign officials. Forensic firms can analyse sales opportunities and travel and entertainment information to identify amounts that have been reported across various entities and payment methods in an effort to evade controls designed to limit the value and frequency of gifts and hospitality. Companies may attempt to further conceal their use of third-party intermediaries by adding individuals or entities as employees rather than vendors, circumventing the vendor onboarding process all together. Forensic accountants can analyse employee master files and payroll activity to identify payments to ghost employees or bogus bonus payments.

Audit malpractice

The Public Company Accounting Oversight Board (PCAOB) establishes auditing and related professional standards for registered public accounting firms and may impose an independent monitor when an accounting firm violates these rules and standards. PCAOB monitor or independent consultant candidates are required to have substantial accounting and auditing experience and qualifications. The United Kingdom’s Financial Reporting Council and other regulators are expected to adopt similar requirements in the future.

Forensic firms often have team members with deep public accounting and audit experience, and as such are familiar with PCAOB auditing standards and can provide expert assessments of an accounting firm’s compliance with regulatory requirements. PCAOB settlements may require an accounting firm to make updates to its policies and procedures to improve quality control in areas where misconduct has occurred historically. For example, a forensic firm may need to assess an accounting firm’s ethics reporting and whistleblower hotlines, engagement quality review process, internal consultation with subject-matter experts or promotion of an ethical culture through management’s tone at the top. Forensic accountants apply a risk-based approach to the scope of their review considering the nature of the PCAOB’s enforcement, scope of remediation and risks specific to the accounting firm’s local market.

A forensic accountant’s approach to assessing an accounting firm’s compliance with the regulatory requirements may include a detailed review of policies and procedures, interviews with accounting firm personnel and process-level tests of the design, implementation and operational effectiveness of internal controls surrounding its quality control system and compliance with PCAOB auditing standards.

Environmental regulatory and fraud

For companies operating in the energy, transportation and environment sectors, there are several types of monitorships that may come into play in the wake of an environmental incident or environmental fraud: monitorships imposed by a United States (or other) court order; monitorships as part of an agreement with a US government agency (DOJ, SEC or EPA); and World Bank monitorships in which World Bank funding is involved. To address the level of technical complexity inherent in these monitorships and include testing for compliance with a broad range of environmental statutes, in addition to counsel and technical industry experts, forensic accountants and data analysts are helpful in assessing control design (where embedded in systems), analysing reporting and systems output, and assessing change management around software and algorithm development. Further, a team of forensic accountants experienced in addressing stringent confidentiality and trade secret issues, particularly in non-US jurisdictions where the GDPR may also come into play, may help with designing protocols for review of sensitive data in an anonymised but auditable fashion.


As has been highlighted, forensic firms draw on multi-jurisdictional experience, an understanding of regulatory issues and investigations skills to perform risk-based analyses, controls testing, data analytics, risk assessments and reviews of a multitude of compliance programmes (e.g., corporate and social responsibility, human rights, product liability, sanctions, anti-bribery and corruption, anti-money laundering and counter-terrorism financing, and taxation). When properly leveraged throughout the life of the monitorship, these skill sets are invaluable to monitors and companies under monitorship alike.


1 Frances McLeod is a founding partner, Jenna Voss and Samantha Hsu are partners and Anushka Ram is a director at Forensic Risk Alliance. The authors acknowledge the contribution of manager Jorge Lopes to this chapter.

2 Society for Worldwide Interbank Financial Telecommunication.

Unlock unlimited access to all Global Investigations Review content