Remaining effective in an era of change: the perspective of UK in-house investigation teams

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

In summary

The past few years have been marked by a period of significant disruption and change for society and business. Organisations headquartered or listed in the United Kingdom face a growing list of reputational, integrity and compliance considerations. For in-house teams tasked with investigating allegations of misconduct, this has been a demanding and sometimes challenging time. This article considers whether the role of these teams has changed over recent years and how the craft of investigating corporate misconduct has evolved in response to social, technological and regulatory change.

Discussion points

  • What is the best way to deploy limited resources to build effective investigations capacity?
  • How can an in-house investigations team deliver value to the business?
  • Should investigations now be technology-led? If so, what does that mean in practice?
  • Are changes to regulation impacting the effectiveness of internal investigations?

Referenced in this article

  • US DOJ, Criminal Division. Evaluation of Corporate Compliance Programs (updated March 2023)


The past few years have been marked by a period of significant disruption and change for society and business, with the covid-19 pandemic, inflation, economic slowdown and technological and regulatory developments leading to changes in working practices, new ways of communicating and accessing information, greater scrutiny of privacy and supply chains and sustained pressure on business performance.

Organisations headquartered or listed in the United Kingdom face a growing list of reputational, integrity and compliance considerations, and those with an international footprint must also come to terms with an increasingly complex global regulatory and enforcement landscape.

For in-house teams tasked with investigating allegations of misconduct, this has been a demanding and sometimes challenging time. Working closely with these teams over recent years, we have observed teams wrestling with issues as varied as remote investigations, capacity constraints and the impact of social media on cases. We, therefore, wanted to explore in more detail the impact of these changes on internal investigations teams.

This article considers whether the role of these teams has changed over recent years and how the craft of investigating corporate misconduct has evolved in response to social, technological and regulatory change. It is divided into six short sections:

  • team structure and approach;
  • case volumes;
  • investigation trends;
  • expectations of the investigations function;
  • technology and investigations; and
  • leading practice ideas.

To inform this article, we spoke to a number of trusted clients and contacts and would like to thank them for generously giving their time and thoughts. This article reflects our own observations, along with themes identified from client conversations, and do not necessarily reflect the views or experiences of any individual organisation.

Team structure and approach

Few organisations experienced a significant change in the structure or responsibilities of their investigation teams over the past few years, despite significant changes in the business operating environment.

It remains rare for UK organisations to have dedicated investigations resources, with even some large organisations with global operations maintaining teams that have multiple or shared responsibilities, including compliance or security, alongside investigations. Even where dedicated investigations teams exist, usually in more heavily regulated sectors or organisations operating in markets perceived as high-risk, the number of specialist investigators is typically very small.

For many larger organisations, including those with an investigations team, the responsibility for conducting investigations is split between teams depending on the type of allegation, with the human resources (HR) department often being responsible for some cases, and the ethics and compliance team being responsible for others. There is also crossover, with some organisations escalating more significant HR cases to the investigations function, such as allegations against senior executives or allegations of sexual harassment.

Whether it is HR, ethics and compliance, or dedicated investigations groups, resources are typically limited, and teams are stretched. Many commented on broader business budget considerations also impacting their teams.

Teams have responded to these capacity constraints in different ways to find the best way to make use of scarce investigations resources. Some organisations try to supplement limited resources by working with business partners drawn from the wider compliance or risk functions, aiding their capacity to quickly deploy individuals on site anywhere with local language skills; however, these individuals sometimes struggle to manage investigatory responsibilities alongside other commitments and are not investigations specialists.

Other organisations prefer only to conduct investigations using their core team. In many cases, companies choosing this approach have decided to adopt remote investigations as a default, relying on data (eg, interviews, systems information and emails) that can typically be collected and reviewed without needing to deploy individuals on site.

Given that many organisations have teams that have responsibilities outside investigations, one organisational consideration was how investigation and compliance responsibilities should interact. Some organisations believe it is critical to retain a distinction between the investigations team and the broader compliance function to preserve the independence of the investigation and avoid undermining the ability of compliance staff to have open engagement with the business on risk issues when they arise. Other organisations see advantages in combining the investigations and compliance roles, noting that investigators then have a closer working knowledge of the business and that compliance activities can be more easily informed by the matters that have been investigated.

Case volumes

Organisations reported varying experiences regarding the number and content of the allegations received. For many, the volume and content of reports received has not materially changed over the past few years, although this experience differs depending on the sector and the scope of the operations; for example, some organisations with global operations have seen an increase in reported concerns focused on particular markets, particularly China and Latin America, whereas other organisations reported a more general increase.

Some common themes associated with spikes for particular markets included:

  • the emergence of new technologies providing new routes to markets and new communication channels open to exploitation, driving new compliance concerns;
  • local business delivery models and specific market targets driving pressure on sales teams;
  • a slowdown in the reporting of issues using whistle-blower channels in certain business units when in-person site audits were paused during the covid-19 pandemic (possibly because of a reduced fear of misconduct being identified by an in-person audit); and
  • inconsistent or diluted compliance standards when new staff are recruited from local organisations with a different risk and compliance appetite.

Other organisations noted changes in the profile of reports over the past few years, including the following:

  • while reports concerning personnel issues typically form the largest portion of allegations raised, it has been well documented that many organisations observed a further increase in reported personnel and conduct issues in 2020 and 2021;
  • changes in the go-to-market approach adopted during lockdowns impacted areas of risk for sales teams both during and after lockdowns;
  • increases in market engagement and subsequent reports following the resumption of in-person interaction for compliance teams and travel for internal audit teams drove higher levels of reports; and
  • an increase in investigations relating to virtual and online fraud was identified.

While some organisations reported seeing a clear trend in the emergence of environmental, social and governance allegations, many did not, although this may be partly owing to terminology, given that allegations about staff conduct remain a significant feature of most whistle-blowing lines.

The volume of whistle-blowing reports received by an organisation is a topic that attracts the attention and reflection of management because it is sometimes viewed as a proxy for the compliance health of the business; however, clients had differing views on how whistle-blower data should be interpreted. Some perspectives included the following:

  • high levels of cases coming through whistle-blowing channels might indicate a fear of reporting issues without anonymity, so an organisation that successfully creates an authentic speak-up culture will see employees turn to line management rather than anonymous reporting lines if there is no fear of retribution;
  • low levels of cases coming through whistle-blowing channels might suggest employees deem the reporting mechanism to be ineffective or unreliable;
  • an increased number of reported cases can arise as a result of organisational changes, such as the integration of a new acquisition or the appointment of new compliance personnel who are able to better educate the business on risk;
  • focusing on the content and sophistication of reported misconduct can help-inform whether compliance messages are landing and compliance maturity is growing in the organisation; and
  • trends within a particular organisation should be analysed in the context of whether employees feel empowered to speak up.

What is clear is that organisations should track trends in cases reported through both whistle-blowing and other channels and consider variances over time and between teams or locations.

Investigation trends


The changing global regulatory environment has not yet impacted the way many teams approach their investigations, with few noting a major impact as a result of evolving data privacy rules. Those who raised data privacy considerations often highlighted China as a jurisdiction of concern.

Beyond privacy, the area of most concern for investigations teams was the continuing development of corporate conduct regulation and associated self-reporting obligations and, for teams with an international remit, the challenge of understanding those obligations and their implications across the organisation.

Another area of change noted by investigators is the increase in expectations around the quality and frequency of engagement with whistle-blowers, with a focus on protecting reporters and providing more regular case feedback – a theme described by many teams. The general consensus was that, while not new, this encouragement to better engage with whistle-blowers and focus on their situation has been positive, both in relation to individual cases and to encouraging reports in the future.

Remote versus in-person

As with hybrid working, the arguments for and against remote interviewing continue post-pandemic. It was consistently noted that the time and costs saved by operating a hybrid approach to investigative interviewing was being enjoyed across all industries. Some organisations argue that conducting all witness and subject interviews on site sends a message to employees that incidents are taken seriously, while others argue that witness interviews conducted remotely can provide greater comfort and privacy to the interviewee to open up.

Our experience has been that witness interviews can be conducted very effectively remotely and can help create a familiar and more natural meeting environment, even when the meeting is recorded. Suspect interviews require more planning and thought with regard to the most appropriate and effective setting, but for high-profile cases, we continue to see benefits in conducting in-person suspect interviews.

Case approach

While our experience has been that reputational issues – including senior staff conduct, data leaks, privacy breaches, modern slavery and other human rights issues – are an increasingly relevant consideration in complex investigations, few teams noted a similar pattern in their work or described a separate methodology for dealing with those issues.

Expectations of the investigations function

Despite limited resources, organisations consistently highlighted the increasing expectations of businesses on their in-house investigations team, and the need to deliver beyond disciplinary outcomes and be seen to be making a broader contribution to the business.

The days of the quality of an investigation being measured solely on whether an allegation was substantiated have passed for many teams, with organisations now expecting root cause analysis and engagement with the business on remediation and the lessons learned. This engagement increasingly happens throughout the investigation rather than just at the end, with a desire to improve business practices and prevent further losses as quickly as possible. To manage the legal and disclosure risks, organisations take care to separate factual investigations reports from reports focused on weaknesses and recommendations.

We were also given examples of compliance and investigations staff being proactively engaged by the business to provide input on broader organisational decisions because of the greater prominence being given to integrity and the ethical elements of strategic decisions.

Beyond business contribution, many investigations teams are now assessed using a range of key performance indicators, with the most common being the average time frame to close each investigation. While the business rationale for that is understandable, the pressures and incentives created to close an investigation and meet those targets are not always consistent with the objective to investigate allegations in a robust and proportionate manner.

It is not only internal stakeholders who are expecting more from investigations teams; some organisations also noted an increase in other stakeholder engagement during the course of an investigation. Most notably, the level of interest taken by the external auditors into ongoing cases has increased significantly, with investigators now likely to be asked to provide regular briefings on open cases and respond to questions about scope and approach.

Technology and investigations

One area of significant change is the emergence and adoption of new technology, which has impacted ways of communicating and doing business and changed the tools available to investigators and fraudsters. With behaviour, including that of employees and fraudsters, changing with the times, there are many instances of finding new ways of doing old things, including the following:

  • More informal conversations can sometimes be found on messaging apps and workplace chat forums, and these conversations are not always being identified and preserved in the same way as email communications. The need to consider personal devices and third-party messaging apps to address this potential data gap is something that has been recently highlighted as an area of focus by the US Department of Justice.[1]
  • Avatars are being created on social media that are crafted to such a level that they are not being picked up by basic due diligence, and artificial intelligence is being used to write scripts that remove errors in English associated with criminals operating in foreign jurisdictions.

While we expected UK organisations to be turning to technology to drive investigative efficiency, and investigations teams to have encountered challenges accessing relevant material, the picture we encountered was much more nuanced, as illustrated by the following:

  • Investigators noted that in the past (pre-iPhone), a subject’s data was largely contained in one place, and that business accounts would include personal dealings that gave context to the investigation. Now, communications tend to be contained on several platforms, which cannot always be easily accessed.
  • It continues to be challenging for investigators to obtain data from certain messaging apps (WhatsApp, WeChat, Telegram, etc) and from personal devices more generally owing to access, encryption and privacy issues. In practice, investigators often assess whether attempting to recover this data is proportionate to the case and whether the information can be collected in different ways, such as by asking an interviewee to show specific chats or material on their device and provide screenshots.
  • There was general agreement that email remained a valuable source of data that, at minimum, could help build a timeline of events and provide context to business decisions and relationships.
  • Some larger organisations have invested in their own electronic document hosting and review capability. However, given case volumes and case complexity, a number of other organisations told us they did not see a positive cost-benefit in adopting specialist investigative technology or case management tools for their typical matters; instead, those organisations preferred to focus on maximising the benefits and insights of Microsoft 365 and OneDrive, noting that advances in project management and communication applications (ie, Microsoft Teams and its recording and transcript functionality) can also provide robust safeguarding of investigative record-keeping at reduced costs. These organisations used external resources to perform forensic imaging, processing, hosting and review for high-profile matters with regulatory implications or external stakeholder interest.
  • Outside regulated sectors, particularly financial services and pharmaceuticals, few organisations were consistently using forensic data analytics to review structured data, partly because they did not feel the data sets in many investigations were of sufficient scale to require specialist analysis. In some cases, data collection, aggregation and consistency challenges across multiple operating systems also deterred organisations from designing and adopting standard analytics.

Leading practice ideas

During our conversations, we noted a number of behaviours and themes that we considered to be examples of leading practice. While every organisation is different and the following may not all apply, we thought it would be helpful to share these ideas. These included:

  • reviewing the structure of compliance and investigative operations to ensure they remain fit for purpose if the organisation has been through broader changes such as a corporate restructuring or significant acquisition. The review might consider staffing levels, regional team distribution and organisational alignment;
  • using analytical models with real-time or near real-time access to structured organisational data, including accounting information and other records, to provide routine access to standard tests that can be quickly applied as part of an early case assessment methodology to consider the merits of an allegation;
  • providing feedback on a case-by-case basis, as well as separately flagging and reporting on areas of thematic risk, where particular processes or locations have experienced multiple similar or connected issues, and providing additional reporting on those observations, as described by some investigative teams that provided feedback on remediation and business improvement;
  • horizon scanning for new and emerging risks to expand team capabilities, such as considering whether the team already has or can access, through the business, knowledge about topics, including sanctions, exposure to cryptocurrency, safeguarding interviews or social and environmental compliance. While the likely current and future needs of different teams vary by business and sector, anticipating future needs can help with training, recruitment and business engagement;
  • keeping policies and procedures updated to reflect changes in the regulatory environment (eg, in relation to privacy and device access) to facilitate access to relevant data in a compliant way. UK organisations, particularly those operating internationally, now rely on a variety of internal functions, including legal, compliance and sometimes a separate privacy officer, to keep abreast of the range of emerging legislation and obligations to ensure their approach to collecting and preserving data is fit for purpose; and
  • recognising that in-house investigation teams are often small, dispersed and independent from the business and that the role, therefore, can sometimes feel quite lonely and potentially isolating. Some teams are consciously incorporating care and resilience into their planning and operations, both for their teams and the people they interact with during cases. Those initiatives may include more frequent engagement with team members, in-person team events and changing the dynamics of business communication and engagement.


Our conversations highlighted a wide variety of experiences and perspectives across most issues, including team structure, investigative approach and the level of technological adoption. One common theme was that the structure and approach of those tasked with delivering investigations was heavily influenced by the resources of the organisation and their broader approach to compliance topics, with teams doing their best to adapt to deliver the best impact with what they have available. The need for teams to draw on their creativity and resilience is a trend we only see increasing in the near term.


[1] US Department of Justice, Criminal Division. Evaluation of Corporate Compliance Programs (updated March 2023).

Unlock unlimited access to all Global Investigations Review content