Globally all industries are experiencing the dynamism and ubiquitous changes brought in by the pandemic. Strict lockdowns forced by COVID-19 have ensured a complete turnaround in the way in which corporates interact, and adapting to a remote working set-up is no more a matter of choice. Overtime, the remote working trend will be assimilated in the working culture as many organisations will be more flexible to working from home. As per Forbes1, an estimated 70% of the workforce will be working remotely for at least 5 days in a month, by the year 2025.
The most direct impact on remote working has been on the way people communicate at work place. A lot of official communication happens over media like Microsoft Teams, Skype, Zoom calls etc. Email for most part tends to be used for more formal communication and sending documents. According to an article published by The Verge2 in April 2021, Microsoft had 145 million daily active users on its communication application Microsoft Teams, as compared to 32 million daily active users at the beginning of the pandemic. Another article published by S&P Global Market Intelligence3 mentioned that Slack Technologies Inc. added 9000 new users to its platform within a span of 2 months. As the number of active users continues to increase, enormous data is being generated on such platforms, increasing the scope of a forensic investigator by leaps and bounds.
There is a general perception about increase in rate of fraud post the pandemic. Association of Certified Fraud Examiners (ACFE) in its survey titled “Fraud in the Wake of COVID-19: Benchmark Report” (December 2020) depicts the change in overall level of fraud thus:
Our Professionals
Srinivasa Rao
Partner & Leader - Risk Advisory Services
Shrikrishna Dikshit
Partner - Risk Advisory Services
The chart above shows that 90% of the survey participants anticipated a further increase in the overall level of fraud over the next 12 months, with 44% saying this change will likely be significant. Given the expected increase in fraud incidents, firms need to overhaul the internal control mechanisms and devise appropriate fraud-response mechanisms. Conducting investigations remotely is a strenuous task and companies must find ways to productively conduct the same. This article explores the practicalities and additional points for consideration while planning, directing and executing investigations in a remote environment.
Investigation Planning and Scope Review in the New Normal
Additional thought and extensive brainstorming is required at the planning stage to scope in the intricacies brought by a remote working setup. The investigators need to assess the availability of and access to data and people in advance. Often, getting time slots for interviews of senior level people can pose a challenge.
The success of an investigation may hinge on the support received from senior management and the cooperation of the relevant teams.
The traditional scope needs to be broadened to combat the real-time challenges encountered in planning and executing an investigation in such a set-up. A comprehensive understanding of the organisation’s IT structure, including the operating systems, nature of devices used and their encryption system, BYOD policy, local IT support teams, need for technical expertise, availability of enabling technologies for conducting E-discovery procedures online, high-speed internet, adequate capacity to upload back-up/ imaging data and data privacy policies, is quintessential.
Tapping the right sources for information
As mentioned above, remote working set-ups have increased the number of active users on messaging applications. While communicating through an email there is a stream of consciousness and coherence which is generally not found in chat applications. The data back-up from these applications can greatly help the investigator to define the true intent of the suspect and timelines of fraudulent activities or building context to past events.
Microsoft, in its recent “Remote work trend report: meetings”4 stated “We’ve seen a new daily record of 2.7 billion meeting minutes in one day, a 200 percent increase from 900 million on March 16”. For an investigator considering the volumes of data generated through these channels are critical while conducting investigations in a remote environment.
This might necessitate scaling up existing technology to accommodate newer data generated on these platforms or homogenize the data collected before running further analysis with traditional tools. Depending on the volume of data to be analyzed using AI/ML tools is critical. Either way, the investigator needs to have a comprehensive understanding of the number of channels used in any organization. This will help in assessing where relevant information resides on company servers, and how it can be extracted from the cloud such that no data source is left untapped.
Enabling Technology
Collecting data regarding “who knew what and when” may appear to be straightforward but it is quite the opposite. Access to equipment necessary for collating and reviewing data might be challenging due to remote working (and state imposed lockdowns during COVID-19). Not all systems can be backed up through online modes – necessitating the cooperation of local IT staff.
Special technologies and skill sets are required to conduct
E-Discovery procedures online. A key challenge is the access to uninterrupted high-speed internet and imaging software which can conduct online imaging. In addition, maintaining the sanctity of data and chain of custody throughout the process of imaging needs careful consideration.
Conducting Interviews
A critical aspect of interviews is the way questions are framed. While the queries have not changed per se, social distancing requirements have made face-to-face interactions nearly impossible and introduced new media for conducting interviews. One of the biggest limitations of investigating in a remote environment is that there is no physical control on the environment of the interviewee/ potential fraudster. Suspects can be in their comfort zones – the interviewers cannot have physical control over the set-up for interrogations to avoid distractions. Even worse, the presence of unconnected people cannot be detected and many times cannot be avoided. If a suspect is being guided or prompted by any other person sharing the same room there are limited measures an interviewer can take to get satisfactory response. The inability to make unannounced visits also reduces the efficacy of interviews.
Ensuring a secure communication line and that no one is recording the interview without authorization is yet another challenge.Most online video calling platforms will inform the participants if the meeting is being recorded, but participants can record the interview discreetly.
Before starting the interview, the investigators should clearly lay down the rules for interviews – camera to stay on or off, recording allowed or not etc. to keep the interview on track.
There is also the question of body language analysis. Kinesics often provide useful hints into what’s going on in the mind of the interviewees which interviewers can use to draw inferences as to what is being said in the interview and to increase or decrease pressure on the interviewee. Remote interviews pose limitations on analysis of body language and hence the investigators may miss out cues to modify their line of questioning.
Information collected in an interview is of paramount importance in any investigation and thus, safe storage and custody ofinterview recordings is very crucial. The legal provisions and company’s policies for recording such meetings needs careful evaluation.
However, conducting interviews in a remote environment can also promote secrecy of the investigation process. If there are multiple interviewees, they can be unaware of the fact as to who else is being interviewed and in what order. This can deter the suspect from sabotaging the information that will be shared by other interviewees.
Data laws and Jurisdiction
Ensuring adequate controls over data is taxing when organizations
are spread across the globe and have thousands of employees. While conducting remote investigations, there can be less than ideal physical control over the custodian’s device. In case where the custodian’s workstation is remotely connected for desktop imaging and the custodian is unwilling to share the information, there are numerous ways for the custodian to interfere with the imaging. Thus, the investigator needs to consider security measures that need to be taken for preventing unauthorised and deliberate destruction of information.
Remote investigations can span across countries and hence data protection laws of other jurisdictions too will have to be considered. For e.g., European Union’s (EU) General Data Protection Regulation (GDPR) addresses data minimisation, restrictions on personal data collection, and instructions to organisations for not collecting personal data, unless necessary.
It is important to note that the GDPR also applies to organisations that are not based in the EU if they collect or process the personal data of any person located in the EU. It lays down provisions for sending a notice and obtaining consent from the individual whose personal information is being collected.
Further the regulation specifies rules about data portability and safe record keeping. The investigator must keep in mind what is expected of them by the government regulators and the legalities behind collecting personal data from devices of the custodian.
