A RECENT report by the Fraud Advisory Panel revealed that the average length of a serious fraud investigation between 2002 and 2006 totalled 33 months, costing the British taxpayer around £100m a year to fund in Legally Aided cases.
In the FAP’s document, Improving the Investigation and Prosecution of Fraud, particular attention was paid to two common pitfalls in fraud investigations: first, difficulties faced in focusing the investigation during the early stages; second, containing the issues that arise when handling large volumes of seized material.
Seized material includes vast amounts of information found on computers that is becoming increasingly relevant and valuable. At their most serious, problems in any of these areas can lead to the failure of a prosecution.
To summarise, not only questions of cost are raised by the FAP but also ones of efficiency and methodology when investigating fraud cases.
It is no wonder, perhaps, that the Fraud Advisory Panel is pushing for the use of resource-saving technology in the form of E Discovery (electronic discovery) to help to focus investigations in the early stages, and to process vast quantities of information efficiently and effectively. However, although E Discovery has been picked up well by the investigative fraud community across the pond, the UK is being surprisingly slow to respond, and many litigators are still unsure of its format and usefulness.
Picture the typical fraudulent scene: a company director and finance team are accused of VAT fraud over its five years of trading.
The accounts team alone consists of four individuals, each with their own computer workstations. All invoice documents are created on these computers and all staff have access to internal and external email facilities.
Before the firm switched to electronic invoicing, it was paper-based, and so a year’s worth of paper documentation is also stored on the premises.
Where do they begin to investigate all this information, bearing in mind the following points?:
• Association of Chief Police Officer guidelines must be followed to ensure that no computer-based evidence is corrupted. These guidelines dictate that ‘An audit trail or other record of all processes applied to computerbased evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result’. How much of the defence team are ITliterate, let alone au fait with forensic applications and processes?
• The investigation qualifies for legal aid and the Legal Services Commission is looking for the most resourceeffective solution to examining all evidence.
• The defence team is made up of several individuals; lawyers, counsel, accountants who are spread across the country.
The logistics of regular case conferences are often difficult to master, and circulating sensitive evidential case material via email can be a cause for concern from a security point of view.
The solution to investigations of this nature from an investigative point of view is Electronic Discovery – the review and production of evidentiary material for litigation, stored in electronic format. This may include email, word processing documents, spreadsheets, databases and presentations.
The data can be stored or found on portable media, hard drives, residual data (ie deleted data), personal organisers and mobile telephones and employee personal computers.
E Discovery is entirely ACPO-compliant provided that it is carried out using recognised forensic procedures. First, the seizure of computer based information must be addressed (some E Discovery suppliers will also provide this service). All relevant workstations within the defendant company must be forensically imaged (a snapshot of all information deleted or live on the computer is taken). This is non-invasive and does not affect business continuity.
From that point, the investigation will be carried out from the forensic images, which at this stage are not comprehensible to an averagely IT-literate professional. A computer forensic team must be brought in. All paper-based documentation is also seized at this stage and logged as evidence by the forensic team.
Further to this, the paperbased documents will be scanned using optical recognition software and combined with the thousands of digital documents that have been recovered (if deleted) or extracted from the computer.
They will all be uploaded into the E Discovery software; the process can take as little as a few days to complete.
The database is then burnt onto DVD and supplied to the defence. It is that simple.
The defence team is now in a unique position. It has all the documents and emails created by the defendant company throughout its time in trading at its discretion stored on CD. This includes deleted documents which have been recovered by a computer forensics company.
All documents can be viewed in a PDF format or printed, as required. They can be searched by key names, dates, document titles, etc, and as the information has been uploaded using character optical recognition software it will become immediately available on screen.
Documents that have been noted by the defence team as relevant or important to the investigation can be categorised, annotated or redacted to highlight their significance to the case. Copies of the edited E Discovery database can then be shared between the defence team, so everyone will be able to see the trail of events, lines of investigation and potential evidence.
The database can also be password-protected to enhance levels of security.
In addition, the documents in the database have been Bate-stamped, so they can be served as disclosure during the litigation process.
This seems simple enough, so why are we not utilising this service to find the proverbial needle in the haystack in large-scale fraud cases? It is cost-effective, resource-saving and an intelligent way to begin an investigation, the start of which is often little more than a fishing expedition.
Some Legal 20 firms and accountancy firms have got on board, and have even gone to such lengths as to acquire their own internal team of forensic professionals, combining this with the acquisition of their own E Discovery software.
However, for the small to medium-size firm it is not financially achievable to recruit a team dedicated to providing this service should a case arise, so the solution is to outsource to a third party.
Typical responses to why teams are not using this service include:
The service is too expensive. This needn’t be the case, and is often resource-saving. Compared with manually trawling through reams of paper or years’ worth of digital documentation, it is an efficient solution for locating documents of reference.
According to a survey published in the Financial Times, the average fraud case now requires the analysis of 5,000 emails and electronic documents, but this is often only the tip of the iceberg.
Just print it. Aside from the obvious financial resources and manpower that would be needed to print out and review all digital documents, key areas could be missed. For example, printing out an email would not account for any individuals who had been BCC’d into the correspondence. This wouldn’t show on the printed material and would therefore be overlooked.
I shy away from all things technical. This is not an uber technical piece of software. In fact, in many cases it has been specifically designed for the nonIT-based community. It is, in essence, a searchable database with supporting features.
Confidentiality and security issues with outsourcing. The solution is to research the E Discovery company you are outsourcing to, especially if deleted data needs to be recovered. Reputable companies will have forensic capabilities and be trained in EnCase software – the industry standard. They will also be security cleared and will have signed the Official Secrets Act.