United Kingdom: handling internal investigations

This is an Insight article, written by a selected partner as part of GIR's co-published content.

With so much potentially at stake, the initial steps and strategic decisions taken in any company investigation are critical to setting the tone for a focused, credible and effective inquiry. This is paramount not only for the purposes of getting to the bottom of what has happened and responding appropriately, but also for limiting a company’s potential exposure and preparing it to engage with the relevant authorities. While every investigation is different, there are a number of key considerations that are common to all and that, if tackled appropriately, can ensure that a company is set on the right course from the outset. These include (i) setting the scope and terms of an investigation; (ii) securing and reviewing evidence; (iii) dealing with issues of legal privilege, data protection and banking confidentiality; (iv) assessing the nature of the company’s risk; (v) dealing with employment issues; (vi) conducting interviews; (vii) assessing jurisdictional reach; and (viii) preparing the investigation report. In providing an overview of these, this chapter aims to give companies and their lawyers practical guidance on how to approach what are often fast-moving and complex investigations.

Setting the scope and terms of an investigation

It is common when an issue is discovered, either internally or in response to an external request from a government agency, to want to establish what has happened as quickly as possible. It is almost always advisable, however, to take a step back and carefully consider the scope of the investigation before beginning the substantive work. This is critical both in relation to deciding the ultimate objectives of the investigation and, in practical terms, how these objectives are to be achieved.

On realising that there is an issue requiring an internal investigation, a company should establish internally who is going to be responsible for conducting or managing the investigation. This is important for the efficient running of an investigation as well as for creating a legally privileged environment. Usually the person responsible will be the company’s general counsel or their representative, although it may sometimes be necessary to set up a special committee of the board of directors or act through the audit committee. This decision will depend on the scale of the investigation and whether senior executives are the subject of the investigation. Often an investigation will be conducted internally but in certain circumstances, due to the scale or potential implications of a particular matter, it will be necessary to instruct external lawyers.

Whoever is conducting the investigation should establish its precise scope carefully and clearly at an early stage. The scope should include the specific issues being investigated, the date range, the jurisdictions and any other relevant factors. It may be necessary to agree this scope with government agencies and it is critical that careful thought be given to limiting the company’s potential exposure to a wide-ranging investigation. An internal investigation is not intended to be a fishing expedition to identify any and all potential problems a company may have, but rather a specific response to a specific problem that has been identified. This is not to say that unanticipated issues coming to light in the course of the investigation should be ignored, but rather that a precise and focused investigation will undoubtedly be better for resolving issues in a time- and cost-effective way.

A detailed work plan should be produced based on the agreed scope, setting out how evidence is to be preserved, collected and reviewed. This should include identifying relevant custodians from whom evidence should be collected and potentially who will need to be interviewed and in what order. It is at this stage that any relevant timescales should be identified, although this is an area that should be kept constantly under review as the scale of the documentation becomes clear. Every internal investigation is different and any work plan will need to be flexible enough to adapt to changing circumstances. There are many issues that can arise – such as cost, the degree of any misconduct, external time pressures, regulatory requirements and the need to manage a business reputation – that will have to be considered and balanced against the need to conduct a full investigation. Finally, whoever is conducting the investigation should make regular reports to management and manage the expectations of both the company and, if necessary, any external government agencies.

Securing evidence

On discovering that there is a potential issue, a company should take immediate steps to secure all relevant evidence. The investigation team should establish who the relevant custodians and employees are and take the following steps:

  • Secure all available relevant hard-copy documents and quarantine them in a secure environment. These documents should include (but not be limited to) relevant correspondence, contracts, legal advice, internal documents, board minutes and supporting documents where appropriate.

It is extremely important that all documents identified as potentially relevant are isolated and remain secure throughout the investigation, while minimising any adverse impact on the business’s operational requirements. Depending on the volume of material, it is recommended that a secure room or lockable filing cabinet be identified and that all material relevant to the case be isolated and secured. In the event that some access is needed to the material, it is recommended that measures be put in place to limit and monitor access.

  • Cease any normal document destruction programme in relation to historic documents that could be relevant to the investigation.
  • Secure any relevant electronic material, for example, laptops, electronic devices and hard drives, which could contain relevant material. In the interests of maintaining business continuity, it may be necessary to image the respective devices to preserve the integrity of the data.
  • Ensure that back-up tapes or hard drives are secured in relation to the company’s network and email servers.
  • Secure and isolate any company BlackBerrys or mobile phones (if any) likely to contain relevant evidential material, and SIM cards if necessary. In particular, obtain any mobile phone records for individuals involved in the relevant conduct.

In addition, a document hold notice should be sent to all relevant custodians and employees clearly identifying the categories of material that should be preserved, without giving away details of the allegations that the investigation relates to. It is also helpful to conduct document collection interviews with custodians to try to establish all the locations where they may have kept or saved relevant evidential material.

It may be appropriate at this stage to instruct an external vendor to be responsible for collecting and processing all the electronic data, as well as assisting with forensic services such as the recovery of deleted data if necessary. Instructing a specialist external vendor to collect and process any data will also help to establish an effective chain of custody in respect of the evidence, as well as preserving its forensic integrity.

Reviewing evidence

Once all the relevant evidence has been identified and collected it should be reviewed by the investigation team. Most investigations produce a vast amount of electronic material and so it is vital that a sensible and proportionate review strategy is applied. In the first instance, a reputable external vendor should be selected to host and provide a review platform. The investigation team should then identify a sensible set of search terms and a defined date range, seeking agreement if appropriate from relevant government agencies. In addition, many review platforms provide ‘predictive coding’ and ‘pattern analysis’, technologies that can identify the most relevant and important documents in the data set.

Once the review set has been identified, a review team should be set up to work through all of the documents, categorising them according to a predetermined review protocol that specifies the different issues under investigation. This first-level review is essential for removing the irrelevant material and reducing the evidence to what is directly related to the issues. It is also a means of identifying material that is privileged, as well as any ‘hot documents’ that should then be escalated to those in the investigation team who are tasked with establishing the facts or are preparing to interview key individuals.

As the evidence is identified and reviewed, relevant material should be made available to the investigation team so that a chronology of events can be prepared. This is essential for establishing a set of facts based on the documents and is vital when preparing to interview individuals. When preparing any work product based on the document review, it is extremely important that the source documents are clearly identified so that they can be returned to at a later date when preparing for interviews or producing material at the request of government agencies.

Legal privilege, data protection and banking confidentiality

There are three important legal issues that should be considered when conducting an internal investigation in the UK:

  • legal privilege;
  • data protection; and
  • banking confidentiality.

For reasons of space, these issues will not be examined in detail. However, there are a number of key points that can be briefly summarised.

In relation to legal privilege, it is vital that the ‘client’ be clearly identified, irrespective of whether the investigation is being conducted by the in-house team or external counsel. In the UK, both in-house and external lawyers enjoy the protection of legal privilege. Care should be taken in relation to European Commission investigations, however, as the European Court of Justice has held that only external lawyers are protected by privilege.1

Litigation privilege will only apply if litigation is reasonably contemplated when the investigation begins, and any communication or document is created for the dominant purpose of that litigation. In some cases litigation will not be reasonably contemplated and therefore litigation privilege will not apply. This leaves only legal advice privilege, which requires all communications between the clearly identified client and lawyer to be kept confidential. The UK courts have held that the client is not the corporate entity itself, or its employees generally, but rather only those employees and officers of the corporate entity expressly tasked with obtaining legal advice from either external or in-house lawyers. Communications involving members of staff who have not been expressly tasked to seek such advice are not protected by legal advice privilege, no matter how senior they are.2 A further point to bear in mind is that legal advice privilege (unlike litigation privilege) does not apply to communications with third parties. This means that any communications with external parties such as forensic accountants or professional investigators are unlikely to attract privilege. The privilege position in relation to witness interview memoranda is covered below.

Given that a considerable amount of the evidence reviewed will be considered data, it is important to note that the Data Protection Act will be engaged. In most situations this will not be problematic, provided that the requirements under the Data Protection Act are considered in relation to the processing and disclosure of data and that the reasons for any decisions made in relation to the data are documented. Special care should be taken if any of the data reviewed is thought to contain ‘sensitive personal data’, or in circumstances where a transfer of data outside the European Union is being considered. This is particularly true for any proposed transfer of data between the EU and the United States, in light of a recent ruling by the European Court of Justice against the adequacy of the provisions of the EU-US Safe Harbor scheme and its replacement by the transatlantic Privacy Shield agreement.3

Finally, if the company concerned is a financial institution, care should be taken in relation to banking confidentiality. Under English law, it is an implied term of the contract between customers and their banks that these firms will keep their customers’ information confidential. This confidentiality is not confined to account transactions but extends to all the information that the bank holds about the customer. There are a number of exemptions that should be carefully considered before any confidential information is disclosed outside the bank, for example, to a government agency or to a review team located outside the UK branch of the bank in question.

The nature of the risk

When embarking on an investigation, it is crucial that the nature of the potential risks the company is exposed to is properly assessed at the outset and reviewed continuously as the investigation progresses. A problem that appears on the face of it to be regulatory in nature may in fact have a criminal angle that only becomes apparent part-way through or at the conclusion of the investigation. Early engagement with the authorities carries many benefits, particularly in the context of a company looking to benefit from a deferred prosecution agreement (DPA) given that the Serious Fraud Office (SFO) will take into account how early the company self-reports as a factor when deciding whether to offer and enter into a DPA. A company may also feel under pressure to disclose information and make representations at an early stage where an investigation has been triggered by a regulator. However, this should not be done without careful consideration of the potential repercussions – particularly if there is a risk that not all relevant evidence has been reviewed. It is worth remembering that, while compelled interviews in the regulatory context are not generally admissible in criminal proceedings, the same protections do not apply to information that is provided voluntarily.

Likewise, if it is likely that the services of forensic accountants or other investigators will be required, careful thought should be given to the most appropriate time to do this and the potential consequences. As explained above, any communications with third parties at the internal investigation stage will only attract privilege if litigation is in reasonable contemplation and the communication is created for the dominant purpose of that litigation. Where this is not the case, any resulting reports may find themselves the subject of a compelled production, either to a regulator or – potentially more seriously – to a criminal authority.

Employment issues

A further issue that should be considered at the outset is the status of any employees that, on the face of it, may be implicated in the conduct under investigation. Normally the most prudent approach from both an investigation and regulatory perspective will be to suspend any employees concerned with immediate effect, pending the outcome of the investigation. Suspending rather than dismissing employees allows those conducting the investigation to have continued access to them. However, there will often be a degree of tension between the best approach from a regulatory perspective and the employment law requirement that suspension should be used only where absolutely necessary and that the period of the suspension should be minimised. Employment law issues therefore need to be considered in parallel, and advice sought as appropriate.

Once the internal investigation is complete, the decision will have to be made whether to dismiss the employee, reinstate them (with or without a first or final written warning) or extend the period of suspension. Normally a formal disciplinary process will take place before any decision is made. In most cases where there are ongoing issues reinstatement will not be a viable option, and indeed any interested regulator will expect that implicated individuals be suspended until the outcome of the regulatory or criminal processes. Where there is evidence that an employee may have committed a serious breach of his or her employment contract or may be guilty of gross misconduct, it may be possible for the company to terminate that person’s employment with immediate effect. However, in addition to seeking legal advice on employment matters, consideration should be given to the potential effects of such a measure on the investigation. On the one hand, disassociating the company from the individual or individuals concerned may serve to send a clear message to the market (and to any interested regulators) that the actions under investigation were those of rogue elements and are not representative of a systemic problem. On the other hand, where there is any possibility that the company may want to defend allegations, supporting any individuals involved (in terms of continued employment and financial assistance with legal fees) can carry benefits including the implementation of a unified defence strategy.

Conducting interviews

Occasionally, either at the outset or during the course of an investigation, the possibility may emerge that a criminal offence has been committed. Where an interview is conducted with a person suspected of committing an offence, the question arises whether this amounts to a criminal investigation and therefore whether the provisions of the Police and Criminal Evidence Act 1984 (PACE) apply. The Court of Appeal has held that there is only a requirement to caution the interviewee if the interview is conducted by people who are specifically charged with the duty of investigating offences (ie, people employed by a company for the purpose of investigating crimes committed by its staff).4 A private employer investigating and interviewing an employee as part of an internal investigation or disciplinary process will not normally amount to a criminal investigation, even if the investigation involves conduct that may constitute criminal offences. It follows that the employer will not generally be bound by PACE, and that any admissions made by the employee are likely to be admissible in subsequent criminal proceedings if handed over to the authorities.5

It is not clear whether the position would be the same in circumstances where the criminal authorities were already involved and had effectively condoned the internal interview process as a means of securing the accounts of suspects. In any event, this situation is unlikely to arise in practice since both the SFO and Financial Conduct Authority (FCA) have been increasingly concerned in recent years about the risk of evidence contamination. Our experience is that the SFO is increasingly likely to impose restrictions on or even prevent the internal interview process altogether, and to seek to limit the amount of disclosure provided to those interviewed. It is understood that in one of the SFO’s current investigations, it sought to prevent the company from conducting face-to-face exit interviews with suspended employees, instead insisting that the process be conducted in writing. In a similar vein, banks in the FX investigation were required by the FCA to record their internal interviews and to produce those recordings, or transcripts of them, to investigators. They were also prevented by the FCA from disclosing certain documentation to the employees under investigation. This is in marked contrast to the FCA’s approach in the preceding Libor investigation, where banks were permitted to conduct their investigations more or less independently. It also differs considerably from the position in the United States where, in light of the Yates memorandum and comments made by the assistant attorney general last year, the Department of Justice (DOJ) expects ‘cooperating companies to make their best effort to uncover the facts with the goal of identifying the individuals involved.’6 This approach is further reflected in the DOJ’s FCPA pilot programme, announced in April 2016, under which significant rewards may be available for voluntary disclosure and full cooperation.7 Companies and their advisers who are conducting multi-jurisdictional investigations therefore face a difficult task in attempting to balance the competing demands of multiple different interested criminal authorities and regulators when determining how to approach internal interviews. Additional jurisdictional issues are considered in further detail below.

Where there are potential criminal or regulatory consequences for an employee, it is good practice to advise them to seek separate legal representation. It is common for the legal departments of companies to carry lists of recommended ‘independent legal advisers’ for this purpose. In addition to discharging a company lawyer’s ethical duties towards unrepresented parties, encouraging an employee to have separate representation will often be in the company’s own interests. An employee who has had the opportunity to review the facts and relevant documents with a lawyer, in addition to seeking advice on the pros and cons of cooperation, is likely to be a more reliable provider of information. The cost implications of separate representation will need to be considered, including whether there is a directors and officers insurance policy in place that may apply.

Particular care should be taken in relation to the creation of notes or memoranda of interviews conducted as part of an internal investigation. The interview scenario is clearly not one to which legal advice privilege will apply, therefore a company may be forced to rely on litigation privilege in relation to these documents. In order to maximise the chances that privilege will apply, the company’s lawyers (internal and external) should be present at the interviews. Even if the notes of an interview are covered by litigation privilege, it is not possible to bind the interviewee from disclosing the questions asked of them and the answers they gave. There is no solution to this problem within the rules of privilege, but it is good practice for the lawyers to advise the interviewee that:

  • they represent the company and not them;
  • in their view the interview is covered by litigation privilege;
  • the privilege belongs to the company and it could choose to waive it in the future; and
  • the matters discussed are to be kept confidential.8

While the interviewee is under no general legal duty to respect this confidentiality, the fact that they will normally be cooperating in the interview process as a result of their employment obligations will probably mean that they do so.

It should be noted that the SFO has repeatedly and publicly criticised the tendency for companies to claim privilege over the accounts of witnesses, making clear in relation to DPAs that it views the ‘free supply of relevant information’, including ‘the account of any witnesses spoken to by those conducting the enquiry’ to be ‘the hallmark of cooperation’.9 This approach is also codified in the DPA Code of Practice, which states that the SFO will take into account whether a company has disclosed relevant witness accounts as a public interest factor tending against a prosecution. Although the issue has yet to be settled by the courts, it is clear that companies seeking to engage with the SFO are increasingly likely to be asked to disclose communications previously accepted as privileged.

Jurisdictional issues

An important consideration in any internal investigation will be the potential jurisdictional implications of any conduct that is uncovered. The global nature of today’s financial services industry, together with the respective long reaches of the US FCPA and the UK Bribery Act, make it increasingly likely that agencies on both sides of the Atlantic and elsewhere will be able to establish jurisdiction over both criminal and regulatory conduct. How it is decided which agency takes the lead in a particular investigation is less clear, although practical considerations such as the location of evidence clearly play an important role.

It is also increasingly likely that information will be shared between agencies across jurisdictional boundaries. Particularly in the regulatory sphere, there are a number of published agreements in existence concerning cooperation and information sharing between the FCA and certain of its overseas counterparts such as the US Securities and Exchange Commission. The global settlements in the Libor and FX investigations are a good illustration of the effectiveness of that cooperation in practice. It is fair to say that cooperation between the SFO and its overseas counterparts is less culturally embedded than it is between the FCA and overseas regulators, although it is understood that significant steps have been taken under SFO director David Green to rebuild trust between the SFO and the US DOJ. The effect of this increasingly close relationship and sharing of information between agencies is that a company’s potential exposure rarely falls to be assessed on the basis of one jurisdiction alone.

Investigation report

On completion of the investigation, careful thought should be given to how the findings or conclusions of the investigation should be presented. The usual choice is between a written report and an oral presentation. There are obvious risks in relation to a written report as, if there is any ambiguity as to whether or not it attracts privilege, it may become discoverable by government agencies or parties in potential civil litigation proceedings. That said, a written report can be extremely effective in demonstrating that a thorough investigation has been conducted and the steps that have been taken to remedy any misconduct or failures within the organisation.

A report should usually set out the background to the allegations, the steps taken during the investigation, the factual findings of the investigation and what steps, if any, have been taken in relation to remediation. It is also generally considered sensible to limit the circulation of the report internally, particularly if attempts are being made to retain privilege. Care should be taken to avoid making any express findings as to whether a criminal offence or regulatory breach has occurred.

It may also be that a report is made to one or more government agencies. Again it is possible either to submit a written report or to give an oral presentation, although if there are allegations of wrongdoing it is likely that the agency will require the production of material. It is at this stage that the importance of a carefully planned and thorough review process becomes clear, as it will form the basis of any production.

In today’s global enforcement environment, a company that discovers a problem warranting investigation will have to get to grips with a number of complex legal and practical issues in a relatively short space of time. While we have attempted in this chapter to provide a useful guide to the investigation process, it is important to remember that no two investigations are identical and that each presents its own unique set of challenges and objectives. In the rush to get to the bottom of what has happened, it is all too easy for those conducting investigations to become slaves to a predetermined process and to lose sight of what they set out to achieve. Setting and communicating clear objectives, as well as defining and continuously reviewing the scope and terms of the inquiry, are therefore critical first steps to achieving an appropriate and proportionate outcome.


  1. Case C-550/07 P Akzo Nobel Chemicals Ltd v European Commission [2010] ECR I-8301.
  2. Three Rivers District Council & others v The Governor & Company of the Bank of England [2003] EWCA Civ 474.
  3. Schrems v Data Protection Commissioner, C-362/14, 6 October 2015.
  4. R v Twaites [1991] 92 Cr App. R 106.
  5. R v Welcher [2007] EWCA Crim 480. A similar approach has also been adopted by the US courts (US v Carson, Case No. 09-77 JVS).
  6. Speech delivered by Assistant Attorney General Leslie R Caldwell, 17 November 2015.
  7. The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance, 5 April 2016.
  8. This is similar to the ‘Upjohn’ warning in the US.
  9. Speech given by Alun Milford, General Counsel to the SFO, on The Use of Information to Discern and Control Risk to the Cambridge Symposium on Economic Crime, September 2014.
