Forensic Accounting in Cross-border Investigations

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

The origin of many investigations can be traced back to a tension or outright conflict between international regulatory standards and local practice. The actions of a small subsidiary, a business function in one office or even a rogue employee can have wide-ranging implications for head office thousands of miles away. This is particularly true for cases involving corrupt payments or sanctions violations where any suspected violations must be investigated. The extraterritorial reach of such laws combined with the increasingly globalised nature of business means forensic accounting investigations will inevitably cross borders.

In the past, the role of forensic accountants has been focused on cleaning up issues affecting multinationals, particularly in addressing alleged Foreign Corrupt Practices Act (FCPA) violations. The level of investment in compliance programmes and awareness of compliance issues has been skewed to the FCPA such that in many jurisdictions in Asia flagrant FCPA issues are now the exception rather than the norm. However, global political tensions and economic factors, the impact of the trade war and rising levels of debt in China, are resulting in increasing pressure on earnings and associated compliance issues, which is affecting both multinationals operating in China as well as Chinese corporations with international exposure.

This creates challenges for investigations professionals to remain effective, including the requirements for awareness of, and expertise in investigating, multiple compliance risks and fraud issues. The statistics indicate that numerous types of fraud can be identified during the course of an investigation, which increases the importance of being armed with the right technology to access and analyse the relevant data. The efficient and effective deployment of technology tools is essential in the fact-gathering process, particularly when working with compressed timelines.

A perfect storm for corruption

The Asia-Pacific region continues to see high levels of activity relating to familiar issues involving anti-corruption compliance. China has long been the focus of investigations and enforcement activity. There are several key factors that have combined to make the perfect storm for corruption in China: the importance of China for global business, China’s long-standing corruption problems, increased enforcement by regulatory authorities and, in recent years, China’s slowing growth. While China continues to see a large number of cases, the volume of investigations elsewhere in Asia-Pacific is also significant. Increasingly, operations in Southeast Asia and India are attracting attention. It is no secret that China has been a priority market for multinationals and global private equity firms for many years, but the China market may be in danger of losing its lustre. Coming in various waves over the past two decades, foreign investment helped drive China’s dramatic economic development, and at times China has even rivalled the United States as the world’s top foreign direct investment destination. With the sheer volume of foreign investment, China’s chronic corruption problems have resulted in continuous, significant exposure as multinationals have entered and tried to navigate the Chinese market.

China is not unique in being a developing economy with corruption issues. However, what is unique is the sheer size of its economy combined with the pervasive direct role played by the state. Despite reforms, according to the Organisation for Economic Co-operation and Development, China has 51,000 state-owned enterprises; the country with the next highest amount is Hungary with 370.1 Even ostensibly private domestic companies may actually be state-owned or controlled (in full or in part) through state ownership in their group organisational structure (for example, from local level holding companies of the State-Owned Assets Supervision and Administration Commission). In addition, truly private companies with no state-ownership are often also heavily influenced by local government. Following substantial reforms in the 1990s, there have been no major moves towards the widespread removal of the state’s direct role in the economy and this is a fundamental root cause of China’s chronic corruption problem.

Evolving corruption schemes

When major FCPA cases first started to emerge in the early to mid-2000s, conducting investigations was relatively straightforward. Personnel were typically completely unaware of the necessity for anti-corruption compliance or why a US law should apply in an Asia-Pacific jurisdiction. In combination with this, the business culture in much of the Asia-Pacific region has also long been characterised by gift-giving and entertainment. As such, relevant transactions were often readily transparent in a company’s books and records. For example, it was common to see transactions clearly recorded in the general ledger with descriptions such as ‘gifts of alcohol and tobacco to government officials’.

As corruption cases became more frequent and visible, multinationals started to require anti-corruption due diligence as part of any prospective deal. Concurrently, compliance programmes evolved from a simple ethics statement to a fully fledged package of detailed policies and supporting procedures. This evolution resulted in a growing awareness of anti-corruption issues among employees. As awareness of bribery and corruption issues increased, the methods for making and disguising corrupt payments evolved as well. Early FCPA matters drew attention to gifts, entertainment and travel provided to government officials. Compliance programmes now typically contain provisions asserting controls and company guidelines for these types of activities and in rolling out FCPA compliance programmes these constitute the low-hanging fruit.

However, with the increased awareness of corruption issues, there has been a general shift in corruption-related schemes from relatively higher-volume and lower-dollar value schemes (excessive meals, gifts and travel), to relatively lower-volume and higher-dollar value schemes involving more creative, opaque approaches (such as increased use of third parties and schemes similar to those seen in embezzlement cases). One example of this involves the creative use of third-party consultants in response to greater scrutiny of fictitious supporting documentation, whereby a series of different third-party consultants in utilised over short periods for the same scope of work. A typical scenario may involve a consultant being hired by a high-risk function in the company for a high-risk scope of work, such as interfacing with government officials. The consultant would issue valid, officially registered invoices, so an initial examination of the company’s books and records would present no red flags. However, the consultant would then depart after a brief duration (less than a year) and be replaced by another consultant with the same function and scope. In addition, these consultants would essentially be start-ups with no history, track record or recognisable presence in the market; highlighting the need for substantive due diligence on intermediaries and third parties. In these cases, companies have effectively attempted to outsource their bribery. As a result, investigations and compliance programmes have had to expand in scope to ensure third-party risk is being adequately addressed.

Foreign companies in China have put considerable effort and investment into building compliance and fraud prevention programmes, but as the external pressures increase, more will need to be done to stay ahead of a rapidly-evolving risk and threat environment. Companies need to reassess the effectiveness of their programmes to weather the coming storm. As trade tensions between the US and China continue to mount, much of the media coverage has focused on global supply chains and multinationals seeking to relocate operations outside China. One area of risk – which may not manifest itself immediately but whose effects might be felt deeper and longer – is the FCPA.

China’s response to US tariffs and the trade tensions has varied, from hints of retaliation to suggestions of accommodation. Nevertheless, since the US first levied tariffs against Chinese goods, American companies have reported an overwhelmingly negative impact of the tariffs on their business in China. Furthermore, and perhaps more importantly, American companies have reported an increase in non-tariff barriers in China, as local environmental and tax regulators have increased inspections, and companies also report longer times to clear customs and secure necessary licences.

FCPA risks stem from two principal sources within a company’s operations – revenue generation and regulatory issues. Non-tariff barriers have been classic issues for FCPA cases. With the reported increase in these barriers, employees within a company’s China operations face considerably increased pressure to commit acts that could violate the FCPA. Pressure from these types of barriers has been an issue in China operations for some time.

The uptick in non-tariff barriers is only the latest chapter in the saga of increasing Chinese protectionism. This underscores the likelihood that the rising pressures for FCPA risks in China will not abate anytime soon, unless US–China trade tensions are quickly resolved, which seems unlikely. Even if the trade war can be settled without further major disruption, tensions between the US and China are likely to persist. A 2018 survey conducted by Pew Research found that the trade deficit with China ranked only fifth among Americans concerns, with American debt held by the Chinese government and cyberattacks from China both ranking higher.

Chinese corporations under the spotlight

Over the past year, Chinese firms in the technology sector have been subject to high profile regulatory actions in the US. This trend is likely to continue for the foreseeable future. One interesting observation is the use of different levers. In the case of ZTE, the Department of Commerce put in place a monitor for an unprecedented period of 10 years in response to the company allegedly providing false information relating to disciplinary actions taken against employees as part of its original settlement agreement for sanctions violations. In contrast, Huawei is subject to the US Commerce Department’s Entity List, which prohibits suppliers from providing certain technology or software to Huawei.

As with corruption investigations, some of the key risks associated with, and often the focus of investigation of, alleged sanctions violations lie with the use of third parties. In the majority of sanctions cases, the transactions are conducted through intermediaries in an attempt to avoid detection, requiring investigators to focus on third-party due diligence, the profile and operating history of business partners, and the underlying commercial rationale of transactions. Visibility into distribution channels will continue to present challenges.

While regulatory actions against Chinese companies have focused on the technology sector, a key test will be whether similar measures start to be implemented against a broader group of Chinese companies looking to expand overseas. Over the past decade, investigators have regularly been called in amid financial reporting concerns, particularly following a spate of Chinese firms listing in the US through reverse mergers. With the current economic pressures the country is facing, there are increasing signs that financial reporting fraud is making a major comeback in China.

The resurgence of financial integrity and quality of earnings issues

Macroeconomic conditions influence the prevalence and different types of fraud uncovered. As mentioned above, China’s GDP growth continues to slow and the potential impact of US tariffs presents a further challenge. China’s response to previous slowing growth has been to double down on debt-fuelled infrastructure investment. As a 1 article aptly puts it, ‘a sizable chunk of China’s economy may depend these days on building roads and rail lines into the desert using borrowed money.’2 Economic growth driven by these factors remains unsustainable and points to slower growth rates over time, and it remains to be seen whether domestic consumer consumption and a burgeoning tech sector can pick up the slack. At the time of writing, China reported its lowest gross domestic product data since 1992.3 Reliance on debt-fuelled growth cannot be maintained and China has taken steps to enact a critical deleveraging of the debt in its economy.

The tightening of credit coupled with policy moves to reduce the level of shadow financing will have an impact as businesses come to terms with the new normal in access to credit. In this regard, as economic pressure has mounted, we are seeing the re-emergence of classic financial statement fraud issues as well as more sophisticated schemes designed to pacify regulators, attract and retain investment, and maintain access to liquidity. Managed earnings as well as aggressive and fraudulent accounting practices are likely to be an increasing reality in China. Indeed, an indicator of this has already emerged through the increased number of proceedings by the Enforcement Division of Hong Kong’s Securities and Futures Commission (SFC), which has stated three major enforcement priorities for listed companies: IPO fraud and sponsor misconduct, false or misleading financial statements, and corporate governance failures.

Under the executive director of enforcement, Thomas Atkinson, the SFC is moving towards a more proactive and preventative approach to regulation. Through a combination of real-time, front-loaded and thematic reviews, the commission is adopting measures to increase deterrence and shorten response times when irregularities related to listed corporations are identified. There has been a clear trend in decreasing volume investigations in recent years, from 507 investigations started in 2015–16, to 414 in 2016–17, 280 in 2017–18 and 238 in 2018–19.4 This reflects the SFC’s focus both on front-loaded measures, as well as concentrating resources on the most serious instances of alleged misconduct.

As a reflection of the increasingly cross-border nature of investigations, the SFC has also strengthened its relationship with regulators in mainland China. In October 2014, the SFC and China Securities Regulatory Commission (CSRC) entered into a memorandum of understanding (MOU) on strengthening cross-boundary regulatory and enforcement cooperation under the Mainland-Hong Kong Stock Connect.5 With the MOU, the regulators of SFC and CSRC will provide mutual assistance to combat cross-border misconduct and suspicious trading activity in Hong Kong and mainland China. Further, in July 2019 the SFC signed a tripartite MOU with the CSRC and the Ministry of Finance (MOF) regarding access to audit working papers arising from the audits of Hong Kong-listed companies with operations in mainland China.6

Emerging markets

As stated above, multinationals have continued exposure to FCPA risk in China. However, in recent years there has been a marked increase in the need for investigations in less developed jurisdictions in the Asia-Pacific region, where economic conditions and compliance programmes lag behind China. This has led to an increase of investigative activity in India and Indonesia, in particular.

As private equity interest in the region increases, there is also an increasing emphasis in conducting proactive reviews of target companies. 1 estimates that private equity firms have built up a record cash pile of US$2.5 trillion.7 As firms are under pressure to put these funds to work, it is likely that a significant portion of these deals will carry compliance risks. Proactive reviews and effective compliance programmes will be essential in order to identify such risks at the pre-deal stage and ensure they are managed appropriately.

Cross-border data challenges

Investigators are often required to strictly segregate data sourced from different jurisdictions based on local data laws, and in the case of China, the Law of the People’s Republic of China on Guarding State Secrets. Similarly, in Japan, following amendments to the Act of Personal Information Protection, the Personal Information Protection Commission (PIPC) was established. According to PIPC regulations, entities must obtain the consent of the data subject prior to disclosure to overseas third parties. Transfer of any customer or employee data should only be done after careful due diligence on the terms and conditions in place with customers and employee contracts. In practice, it may not be possible to obtain a satisfactory level of comfort that the appropriate consents are in place and, in many instances, concerns about data security could mean that data must stay within the client premises, particularly when dealing with large volumes of customer data.

This creates significant challenges in both the execution and reporting of findings in cross-border investigations. Where data can be aggregated from multiple locations, the efficiency of the investigation is increased. For practical reasons, it is helpful for investigating professionals to be able to review and share data between locations. Also, when conducting data analytics-based exercises, the analysis is more valuable when the data sits in one database and appropriate tests can be run across data extracted from all relevant sources. For example, an analytical exercise reviewing expense reports by individual employees would ideally be able to identify benchmarks and outliers between employees across the entire business operations.

This also applies to unstructured data, where one of the main benefits of e-discovery software is to deduplicate documents collected from various data sources. Deduplication can be achieved through analysis of metadata without sharing the contents of the data across borders. However, the effectiveness of email threading analysis, grouping all emails in the same chain and identifying only unique content for review, will be partly affected if there is a requirement for segregated data.

Strict data requirements necessitate a great deal of planning and preparation on the part of investigating professionals. While it is often necessary for all data collected during the e-discovery process to be hosted in-country, this may not solve the issue of dealing with working papers and other documents obtained by forensic accountants and other investigating professionals. In most professional firms, in the ordinary course of business the preference is to store working files on cloud-based systems. This might not be appropriate for a cross-border investigation as it may limit the control that can be placed on accessing and transmitting data. Another consideration is the location of email servers and the back-up policy of the investigating firm. Data may be effectively leaving the jurisdiction unbeknown to the individual user by virtue of server locations and routine backups. These considerations must be balanced with the risks associated with data loss if backups are disabled. One commonly used solution is to deploy a mobile server at the client site on a closed network. This means the flow of data is controlled much more easily, but where data is hosted on client premises, measures should be put in place to ensure that the data is protected from potential interference.

Keeping data on a closed network also creates challenges when it comes to reporting findings. Regulators and other stakeholders will expect to be kept apprised of developments as the investigation progresses and, of course, receive a final report. The impact of the report, particularly when it involves personal data, may be lessened when findings can only be reported as part of aggregated data or in an anonymised format. For a corruption investigation, the findings will be at the level of individual transactions, payments to whom, on what date and authorised by whom. This is typically less of an issue for financial statement fraud cases where the focus of the investigation is usually to try to ascertain the real underlying financial position of the entity under investigation. However, the conduct of individuals will still be a focus of regulators in all cases. In many jurisdictions, this information cannot be reported outside of the relevant jurisdiction, so careful determinations must be made about how findings are reported based on appropriate legal advice, as necessary.

The use of technology tools can greatly assist the progress and efficiency in an investigation, but the first consideration when deploying these tools is ensuring that they are set up and operated in a controlled environment that is compliant with local data privacy laws. Investigators should be prepared to explain to the relevant authorities what measures have been put in place to comply with local laws. In these situations, as with all compliance matters, planning and documentation of the controls in place is key.

Technology assisted review

Technology assisted review (TAR) – using machine learning as part of the document review process – has been accepted by courts in the United States for some time. The take-up in Asia-Pacific countries has been less widespread, particularly for internal investigations. This is a result of a mixture of factors, some unique to Asia and others relating to the technology generally.

The latest TAR software has a number of different functions that can aid the review process. Typically, the process involves taking a set of reviewed seed documents from which the software will look for common factors and apply predictive coding to the remaining review population. This is then refined and validated through an iterative process until the software determines that the remaining documents do not need to be reviewed or, technically speaking, that the probability that the relevance of any document that has not been reviewed (by a human) is outside predetermined statistical parameters.

Critically for investigations in the Asia-Pacific region, the technology has demonstrated its efficacy when dealing with Asian languages.

Hybrid approach

Another concern around this technology is the perception that it is a black box. Investigators who are not familiar with the technology can be reluctant to move away from tried and trusted methodologies. The technology used for traditional linear review has been in use for some time and is widely understood. A set of search terms can be agreed at the outset based on known issues and a review population is identified. From that point the progress of the review is relatively predictable. The review plan is straightforward and easy to communicate to stakeholders, including regulators.

Because of the challenges outlined above, a hybrid approach can be an effective way to defensibly accelerate the progress of an investigation. Firstly, the TAR software can be used as part of an early case assessment. The data visualisation functions quickly help investigators get an overall understanding of the data set and identify if there are any gaps in the data. For the review phase, the search terms can then be applied to the review population as in a linear review. TAR is then used not to predictively code, but to prioritise the review based on the results of an initial review seed set of documents. The advantage of this approach is that the machine learning will help to identify potentially relevant documents and push them up the review queue, meaning early identification of key documents. Compared with a linear review there is no downside, as the prioritisation can be managed at minimal incremental cost and is likely to lead to efficiency savings overall. This is particularly helpful when there are parallel workstreams such as witness interviews and analysis of structured data. Early identification can allow the investigation to quickly hone in on the key issues.

Combining insights from multiple sources of data

One of the most time-consuming and, therefore, expensive aspects of an investigation is identifying links and analysis between different data sets, particularly between unstructured data, emails, chat messages, among others, and structured data (usually transaction data). An email might refer to the payment of an invoice and the investigation then has to identify the payment in the structured data in a different system (or systems) by reference to the date or the invoice number. This can be particularly time-consuming, especially in the context of investigations where the list of suspect transactions could be voluminous, such as anti-money laundering (AML), corruption or accounting fraud investigations.

New tools are now available that cannot only house structured and unstructured data in the same review platform, but also automatically make links between the two data sets. In practice, this means a reviewer can look at the contents of an email discussing a transaction and the actual associated transaction details with a few clicks. This can help to quickly validate findings as well as root out false positives (ie, filter out emails that on first review might appear to contain issues, but are actually benign). As noted above, in many cases data sets from different jurisdictions cannot be reviewed as a whole. While this places some limits on the efficiencies that are available from using various technology tools, the benefits of using these tools outweigh the costs of implementation, even for relatively small data sets. The increasing complexity and sophisti­cation of the issues faced by forensic investigators means investigators must equip themselves with the best available tools to uncover the issues in an efficient and cost-effective manner.

Capturing communications

The evolution of channels of communication and blurring of the lines between business and personal communications means relevant data can sit on multiple devices with multiple applications on each device. Capturing, processing and hosting email and other electronic data has been standard practice for a number of years but is no longer sufficient. The use of messaging applications for business as well as social interaction is now commonplace. The annual WeChat report issued by Tencent’s research division reported that 83 per cent of surveyed respondents use WeChat for work,8 with a reported 963 million active accounts,9 all of which equates to a significant amount of business conversations happening off email. Crucially, these work-related conversations occur regardless of whether the device is issued by the company or is owned by the employee. While there are means of capturing these conversations from backups to laptops, this depends on the settings applied by the user, so cannot be guaranteed.

Conversations on messaging applications can be extremely valuable evidence precisely because bad actors are often now well aware that their corporate emails can be easily accessed and reviewed. In most cases, custodians tend to be less cautious when communicating over messaging applications, and such communications can be key to an investigation.


The work of forensic accountants has evolved from the previous focus on anti-corruption compliance and accounting fraud in China to now include both new geographical markets and new issues reflecting regulatory priorities, such as sanctions compliance and AML. The associated investigations are increasingly complex as the number of sources of relevant data and overall data volumes increase. Forensic accountants have always needed an eye for detail, inquisitiveness, persistence and accounting expertise. Added to that, investigating teams need to be aware, and able to make best use, of the technological tools available to manage and gain insights from very large and disparate sets of data. Alongside the changes in data, the evolving regulatory landscape in respect of data privacy in both Asia-Pacific regulations and extra­territorial international regulations requires investigators to be cognisant of the relevant laws, work closely with counsel and ensure the collection and transfer of data is carried out in a controlled environment.


Unlock unlimited access to all Global Investigations Review content