It Takes Two to Tango: How Forensic Accountants Can Complement Attorneys

This is an Insight article, written by a selected partner as part of Latin Lawyer's co-published content. Read more on Insight


According to the American Institute of Certified Public Accountants (AICPA), the field of forensic accounting is a branch of accounting that ‘generally involve[s] the application of specialised knowledge and investigative skills by a member to collect, analyse and evaluate certain evidential matter and to interpret and communicate findings (forensic services).’[2] Forensic accountants combine accounting, auditing and investigation techniques to assist organisations mitigate its financial and compliance risks, as well as detect and prevent fraud, financial crimes, and other financial misrepresentations.

Broadly speaking, they focus on analysing financial records (such as balance sheets, income statements, tax returns and other accounting and financial records) using a variety of techniques and tools, including data analytic procedures, forensic accounting and behavioral interviewing. They are trained to analyse financial records to detect errors, discrepancies and anomalies that may indicate acts of noncompliance, fraud or other financial misrepresentations. From an education perspective, forensic accountants usually have a degree in accounting, finance, information technology or a related field, and many also hold certifications such as certified public accountant (CPA) or certified fraud examiner (CFE).

One of the key responsibilities of forensic accountants is to detect and investigate instances of financial irregularities. This may be manifested through the analysis of structured data (spreadsheets, databases) and unstructured data (emails, PDFs) to identify suspicious activities and patterns of behaviour that may indicate corruption. For example, they may look for transactions that are not in line with the normal business operations of the organisation, or that are out of line with the normal spending patterns of employees. Generally, forensic accountants combine accounting, auditing and investigative skills to:

  • identify internal control weaknesses, implement controls and provide expertise in financial data analysis to assist organisations maintain an effective compliance programme;
  • assist in internal investigations through the examination of financial transactions and data to uncover evidence of fraud, embezzlement or other financial crimes; and
  • provide valuable insights, expertise and evidence that can assist in solving complex financial disputes and provide expert testimony.

A representative example of how a forensic accountant could provide value is in a fraud investigation involving allegations of embezzlement of funds, which is a common fraud scheme throughout Latin America. Based on a recent study by the Association of Certified Fraud Examiners (ACFE), Latin America has the second highest average fraud loss of any region in the world, after the Eastern Europe and Western/Central Asia region. Moreover, victim organisations based in Latin America had the lowest rate of recovering fraud losses (67 per cent versus the global average of 52 per cent).[3]

Forensic accountants can assist organisations recoup fraud losses during embezzlement matters by investigating where suspect employees may have stolen funds from their employer. The forensic accountant can analyse the company’s financial records to identify any suspicious transactions, such as unauthorised transfers of funds or falsified invoices. They can also review bank statements and other financial documents to determine the extent of the fraud and the amount of money that has been stolen. Based on their findings, the forensic accountant can provide a report to the company, its external counsel or law enforcement agency that can be used as evidence in court.

Complementing one another

The legal and financial worlds are intertwined and, in many cases, they require collaboration to resolve complex legal disputes, regulatory issues and investigations. Attorneys and forensic accountants are two professions that often work together in these situations. For instance, one way to ensure the effectiveness of a compliance programme is to involve attorneys and forensic accountants. Attorneys are experts in navigating regulatory frameworks, while forensic accountants are financial professionals who specialise in analysing financial data.

While attorneys and forensic accountants have different areas of expertise and focus, both parties complement one another by providing guidance and assistance to their clients that is tailored to the specific needs of an organisation. Involving legal counsel and forensic accountants can provide valuable support and expertise in legal and financial matters, helping to protect an organisation’s interests and mitigate risk.

The following table lists examples of where the two disciplines complement one another.

CriteriaAttorneyForensic accountants
ExpertiseLegal expertsFinancial experts
Focus areasRepresenting clients in trial proceedings and settlement negotiationsAdroit at analysing financial records
Legal adviceProvide legal representation and guidanceDo not provide legal advice
Court appearanceRepresent clients in courtProvide expert testimony in legal cases involving financial disputes, fraud or noncompliance matters
SpecialisationSpecialise in providing legal guidanceSpecialise in accounting and financial matters
Regulatory requirementsIdentify and make recommendations on how to comply with regulatory requirementsAssist organisations implement internal controls and perform financial testing to assess compliance with regulatory requirements
Education and trainingTypically have law degrees and pass the bar examTypically have accounting or finance degrees and hold a certified public accountant or other certifications

Key responsibilities for a forensic accountant

Forensic accountants can play a critical role in assisting organisations and counsels in a variety of ways. While they can support in reactive investigations to identify financial wrongdoing and provide expert testimony, they can also support in myriad ways to mitigate an organisation’s risks. Forensic accountants can assist with due diligence, regulatory compliance, fraud prevention, computer forensic analysis and identifying financial red flags. Within the following section, we provide a brief synopsis into each of these matters, and later in this chapter we will cover three of these areas in more depth.

Proactive matters

Conducting due diligence

It is imperative to conduct due diligence reviews during mergers and acquisitions or other business transactions so management can make sound decisions. Forensic accountants can analyse financial data to identify potential financial risks, assess the accuracy of financial statements and identify potential undisclosed or hidden liabilities. Forensic accountants can provide insight into the financial aspects of the transaction, enabling external counsel to make informed decisions.

Background checks

Forensic accountants ascertain through open-source record searches the credibility of a company and its upper management to safeguard from fraud and future liability (see the ‘Third-party risk management’ section for expanded details). This is a fraud mitigation and compliance exercise that safeguards organisations from being defrauded due to lack of proper background checks on various stakeholders.

Regulatory compliance

Forensic accountants analyse financial data to identify potential violations of laws and regulations and suggest corrective actions. They can also assist in developing compliance programmes and policies that prevent violations of laws and regulations.

Fraud prevention

Forensic accountants identify potential vulnerabilities in financial systems and internal controls. Implement effective internal controls to prevent financial fraud and other financial crimes. Forensic accountants can also assist in developing policies and procedures that prevent financial fraud, such as internal controls, accounting systems, and employee training programmes. They may provide training to corporate employees on how to detect and report suspicious activity, as well as advise on the implementation of internal controls and other safeguards.

Reactive matters


Forensic accountants can assist in gathering and analysing financial data, identifying potential financial irregularities or fraud, and providing insight into the financial aspects of the case. They can also help develop investigative strategies, conduct interviews and assist with evidence collection (see the ‘Dealing with electronic evidence in Latin America’ section for expanded details). One of the ways that forensic accountants provide support in investigations and compliance matters is the analysis of large data sets to identify patterns and anomalies that may indicate fraudulent activity. Forensic accounting firms have been in the forefront of leveraging different technologies to analyse data efficiently. They can also use data analytics to identify trends and potential areas of non-compliance (see the ‘Transaction testing and monitoring’ section for expanded details).

Expert testimony and settlement negotiations

Forensic accountants can provide expert testimony in legal proceedings related to financial crimes. They can explain complex financial data and transactions to the judge and jury in a clear and concise manner, making it easier for non-financial experts to understand. They can provide expert opinions on the financial aspects of the case, such as the credibility of financial documents or the extent of financial damages. Additionally, they can assist counsel develop different financial sensitivity analyses that may resourceful during negotiations related to settlements.

Forensic accountants also support organisations in recovering fraud losses in the development of a fidelity fraud claim. Moreover, many organisations possess insurance coverage that may reimburse them for the professional fees that they incur to quantify the loss and prepare reports for use in civil or criminal proceedings. The organisation’s insurance carriers may assign an adjuster who will involve forensic accountants as part of their team. Forensic accountants could be valuable members of the team in assisting in claim strategy and development, especially if the organisation does not possess the technical expertise and experience in these claims processes.

Third-party risk management

According to Transparency International’s Corruption Perception Index 2022, nearly every country in Latin America ranked below the global average in connection with the perceived level of public sector corruption.[4] A lack of bold, decisive action to fight corruption and strengthen public institutions throughout Latin America is fueling organised criminal activities and other sources of violence. It is also undermining democracy, human rights and development. Furthermore, according to the Global Corruption Barometer for Latin America and the Caribbean 2019, corruption contributes to the erosion of confidence of citizens in the government.[5] Results show that confidence in governments, the courts and police is very low in Latin America and the Caribbean.

Latin America poses a challenging working environment due to its linkage to numerous financial crime risks. Some of these financial crime risks, to name a few, include mineral smuggling, drug trafficking, human trafficking (which also includes migrant smuggling).[6] The development of these financial crime risks is generating illegal cash flows involving money laundering, trade-based money laundering, terrorist financing, corruption and corporate fraud. All of these risks typically involve the use of third parties to perpetrate these crimes.

Third parties can pose risks to organisations, such as bribery and corruption, legal and reputational risks. For instance, analysing the number of US Foreign Corrupt Practices Act (FCPA) matters initiated per year alleging bribery schemes, 89 per cent involved third-party intermediaries, of which 72 per cent of the identified third parties were agents, consultants and brokers.[7] Resultingly, organisations must have a thorough grasp of its third-party population to implement efficient processes to combat these risks. An organisation may have hundreds to thousands of third parties, and the sorts of third parties may be uniform or vary greatly depending on the size and type of business it performs. Year after year, organisations are faced with increased regulations with the consequences of potential sanctions and reputational damage, resulting from the potential improper acts by its third parties. Therefore, it becomes fundamental for organisations to understand its risks associated with third parties and how background checks can protect its business.

Third-party due diligence: key elements to act as regulators are expecting[8]

Conducting due diligence on third parties is considered a leading practice. Laws such as the FCPA, UK Bribery Act, the most recent anti-corruption regulations promulgated in Latin America, and guidance from multinational organisations all advise companies to ‘know’ their foreign counterparts. While the need is clear, there is no regulatory guidance specifying a minimum level of due diligence to be conducted. This ambiguity can make it tempting for companies to take a cursory swipe at due diligence, review one database, check the ‘all-clear’ box and enter into a business agreement.

As evidenced by the US Securities and Exchange Commission (SEC) and US Department of Justice (DOJ) judgments in which US companies have been faulted for not performing sufficient due diligence, a cursory approach will no longer suffice. Increasingly, companies are expected to conduct a deeper, more systematic assessment of potential international business agents and partners that involves collecting information from the business partner, verifying the data and following up on identified ‘red flags’.

Guidance on due diligence from the US DOJ and other Latin American regulators

The DOJ’s Criminal Division published updated guidance in April 2019, June 2020 and March 2023[9] discussing the factors prosecutors should use to determine whether a company under investigation will be considered to have an effective compliance programme. In it, the DOJ reiterates its expectation that an effective compliance programme should apply ‘risk-based due diligence to its third-party relationships.’ For instance, the DOJ condemned an organisation[10] for employing a Taiwanese consultant and recognising two years later that the consultant lacked any relevant experience in his description. The corporation ‘did not conduct any formal due diligence regarding the agent’s background, qualifications, other employment, or relationships with foreign government officials before or after engaging him,’ according to court documents in another case.[11]

Generally, organisations should consider performing the following:

  • require the third party to disclose information on a questionnaire;
  • use a risk-based approach to verify the information provided and independently identify adverse information; and
  • take action on any identified ‘red flags’ uncovered in the process.

Following the completion of the aforementioned steps, the organisation should strive to divide its third-party population into three categories: high, medium and low risk. High-risk third parties could include those located in a country with a considerable risk of corruption, those having significant interaction with government officials, or those for which red flags have been identified in the due diligence process. Medium-risk third parties could include those that may have less contact with government officials, such as lawyers or accountants, yet are located in a high-risk jurisdiction. And low-risk third parties might include vendors of goods and services that are not acting in an official capacity for the organisation.

The following sections address the steps an organisation could take to categorise its third-party population using a risk-based due diligence approach.

Information disclosure[12]

Organisations should design an effective and thorough questionnaire that asks reasonable questions and puts the third party ‘on the record’ regarding certain specific issues, containing, at a minimum, the following elements:

  • company background, including identifying and registration information;
  • ownership and management, including beneficial owners and others able to exercise influence over the entity and any relationships with government officials, as well as identifying information on these individuals;
  • disclosure of any civil, criminal, and regulatory matters, to identify a history of issues that may present risk factors;
  • compliance with regulatory matters (such as anti-corruption regulations), including questions about knowledge of laws and the company’s compliance regime and training efforts;
  • references for individuals knowledgeable about the third party who can provide verification of business relationships and experience; and
  • signature of a responsible party who attests to the veracity of the information and agrees to abide by all applicable laws and policies of the company in carrying out its activities.

Background research methodology

Organisations should conduct their background searches considering:

  • the type of relationship;
  • service criticality;
  • the corruption risk associated with the jurisdiction;
  • the corruption risk associated with the industry sector;
  • interaction with government officials;
  • delegation of authority to represent the company;
  • a compliance regime;
  • unusual payment methods required by the third party;
  • known adverse information about the third party; and
  • whether the details concerning third parties are important:[13]
    • whether an entity is a ‘real’ business partner with a business profile and is it experienced in the relevant industry;
    • whether said business partner is owned by company employees, or if other potential conflicts of interest exist;
    • whether the business partner, or its principals, have a track record of bankruptcy or solvency issues that might threaten the supply chain;
    • whether the business partner, or its principals, have a history of serial litigation, criminal problems, counterfeiting, child labour or product safety issues;
    • whether the business partner is associated with organised crime, terrorist groups, money laundering, bribery or corruption; and
    • whether the business partner is located in a country restricted by US law from receiving payment, or whether the vendor appears on sanction and embargo lists such as that of the US Department of the Treasury’s Office of Foreign Assets Control (OFAC).

After executing the due diligence analysis, different types of red flags can be detected, such as in cases where:[14]

  • there are links to public officials:
    • a public official recommends, pressures for or demands use of a third party;
    • the third party has connections with a public official or a member of the ruling family, including family, close friendship or current or past joint business interests;
    • the third party is closely linked to a political party, as evidenced by political contributions, public statements, attendance at or hosting of political events;
    • a director or manager of the third party is a former public official;
    • the third party relies heavily on keeping good and close contacts with public officials for its other business interests;
    • the third-party refuses to disclose ownership and beneficial ownership information;
    • there is evidence of a genuine entity;
    • the basic attributes of a functional business are found to be lacking;
    • no pertinent experience or qualifications are evident;
    • excessive fees are charged, usually expressed as a percentage of the contract value, or overcharges for the work performed;
    • there is no evidence of a service or work product;
    • credible office and facilities are found to be lacking;
    • website, internet and social media presence are not commensurate with the nature and size of the third party;
    • the entity is unlisted in business journals, directories or chamber of commerce membership;
    • there is inadequate evidence that the entity has the expertise or technical facilities to deliver; or
    • circumstances of the third-party entity’s creation are vague;
  • questions arise over the entity’s relationship attitude:
    • the third party resists requests for information, reveals as little as it can, is not forthcoming about aspects of its business or claims grounds of market confidentiality;
    • the third party resists receiving visits to or tours of its premises and facilities.
    • the third party provides what it expects is required but the information is window-dressing, does not live up to close inspection or has no depth in its application across the activities of the third party, such as an ‘off-the-shelf’ anti-bribery programme designed to satisfy and deceive the potential client;
    • the third party refuses to commit to implementing an anti-bribery programme equivalent to that of the company;
    • company officials exhibit unusual behaviour, such as not being acquiescent to all requests, being uneasy, nervous, deflecting questions or being unavailable for meetings;
    • the information provided is vague, lacking in detail or irrelevant; or
    • the third party is unclear about the subcontractors it will use, payment arrangements with subcontractors or the role of subcontractors; or
  • there are questions about the entity’s reputation:
    • there are suggestions that the third party or its officers have links to corrupt activity – this can be references in the media and social media or comments by opinion formers, contractors or contacts of the third party;
    • the third party or its officers have been subject to criticism in media and social media for poor ethical standards or alleged wrongdoing;
    • the third party has been the subject of investigations or sanctions in any field, not just bribery and corruption;
    • there is evidence of unsatisfactory relations or unexplained contract terminations between the third party and its customers and suppliers;
    • there are financial and operational concerns;
    • statutory accounts are late in posting;
    • books and records show inaccurate recording of expenditures;
    • proposed fees and commissions are excessive;
    • contract records show manipulation of the contract terms and specifications once having been awarded; or
    • there is evidence of financial pressures.

Dealing with electronic evidence in Latin America

One of the tools in a forensic accountant’s toolkit is the ability to collect and analyse large data sets to search for evidence of wrongdoing. E-discovery is the industry term for forensic practices to collect, preserve and identify data required for the discovery process or potential use as evidence in legal proceedings. Typically, E-discovery is triggered in reaction to an event or an information governance, compliance, legal or some other strategic initiative, as further described below:

  • An event can include an investigation, litigation or response to a regulatory scrutiny.
  • A strategic initiative can include migrating to a cloud environment to facilitate remote working, process or a policy realignment to cope with changing data privacy regulations.

During an event such as a bribery and corruption case, the longer it takes to identify and stop any wrongdoing, the more time the perpetrator has to remit improper payments that may expose the organisation to sanctions, penalties and other legal risks. E-discovery encompasses the identification, collection, processing and review of electronic and hard copy data. It facilitates forensic accountants to review different forms of data, regardless of its source, and maintain the proper context and chronology of the issue in question. Organisations may often view the use of e-discovery advanced technologies as using a sledgehammer to crack a nut. However, in Latin America, there are many flexible, agile and reduced-cost approaches that can be taken to derive significant value from the e-discovery process. A consolidated end-to-end managed document review approach is the key to reducing costs while maximising results and alleviating the pressure on the team.

There are two key digital solutions to consider for continuous monitoring to proactively spot corruption related risks:

  • Human-created information such as emails, personnel files and financial information. E-discovery technologies have been built to proactively monitor human-created information in real-time. This can include insider trading, collusion and other non-compliant behaviour by plugging into conversations (including, but not limited to, Microsoft Exchange, Office 365, Google Suite, MS Teams, Skype and social media messaging services), and automatically alerting of potential risks.
  • Human behaviour, such as employees leaking confidential information. E-discovery technologies also can generate alerts for risky behaviour on the organisation’s network or employee’s laptop in real-time. This could be the copying of confidential information resulting in an alert and the employee’s laptop being automatically blocked pending investigation to mitigate or prevent the leakage of sensitive and confidential information to its competitor.

The global framework for e-discovery

Since 2005, the Electronic Disclosure Reference Model (EDRM)[15] has helped guide organisations through information governance and the discovery process for electronically stored documentation. The EDRM is created and maintained by a community of e-discovery and legal professionals. It helps organisations select e-discovery software tools, determine the skillsets needed to operate those tools, and design documentation that maps the process from end-to-end for legal purposes.

One of the key aspects for Latin American (and other global) law firms to consider is an organisation’s need to defensibly delete data under the various data protection laws that vary from one Latin American country to other, including the increase in data sources leaving organisations oblivious to where its data resides.[16]

Challenges of preserving and collecting evidence

Forensic accountants work with attorneys to set expectations regarding deliverables, information to be available and regulations that would affect the procedures. During investigations, the task of collecting relevant evidence, determining whether it meets the requirements to produce documents or provide information – or whether it should otherwise be produced to demonstrate a cooperative stance – is time and resource intensive. It often requires specialised technical knowledge and experience. Information should not be treated as an easily portable product, and personal data protection requirements and other confidentiality restrictions should be carefully considered before information is transferred between jurisdictions or produced to the authorities.

In the first instance, it is good practice to understand the complete picture of information, considering data, documents and human sources (e.g., witnesses). This will better position the team to determine how best to obtain the different types of data, factor in any legal constraints, cross-border and resource planning and capacity, and timing (how, when and where). The chain of custody serves the purpose of demonstrating that the evidence has been duly preserved from any alteration or damage and will therefore retain its value intact. At the time documents or devices enter the forensic accountant’s chain of custody, a record should be maintained of the items received or returned. The level of detail required to secure the chain of custody could be agreed with the attorneys.

Types of electronic information usually include, but are not limited to, emails, text messages, instant correspondence and other electronic chats (WhatsApp, Telegram, WeChat, etc.), financial records, internet history, deleted files and temporary files. There are two central debates in Latin America around the use of electronic evidence in the context of an internal investigation. The first relates to the organisation’s legal right to review information that could be protected by the employee’s constitutional right to privacy. The second relates to the procedures followed to produce that evidence, which ensures its integrity and proper preservation.

It is good practice to define the scope and objectives for the e-discovery procedures, as well as identifying and resolving non-technical issues that may impede the successful completion of the electronic evidence collection process. This generally includes an understanding of the matter being investigated (including the purpose of the investigation, individuals involved), nature and size of the business, legal or regulatory aspects of evidence preservation (in case of intervention by an enforcement authority), and timelines. Additional considerations may include:

  • the nature of the IT environment (e.g., operating systems, communications topology, platforms used);
  • data privacy considerations that may affect what data can be examined or obtained;
  • legal privilege that may affect the evidence collection process;
  • the authorisation matrix under which evidence must be acquired (e.g., approval of the system owner, custodian’s consent, by court order);
  • the intervention of a public notary who certifies and records the procedures performed and the forensic tools that were used should be evaluated to reinforce the process; and
  • the nature and location of the evidence, as digital information is likely to reside on various types of media (e.g., hard drives, personal computers, servers, backup tapes and other removable media) or electronic devices (e.g., mobile phones, tablets). Relevant date ranges and other parameters will help define the required dataset.

Preservation of documentation

The basic premise of document preservation is it seeks to collect the data in such a manner that it can later be used as a valid form of evidence. For this purpose, minimal manipulation of the original device is good practice, given that electronic evidence is volatile and may be inadvertently altered or destroyed, therefore the investigator should perform his or her work on a forensic copy of the original dataset. Dates and times arising from both the system and the forensic process, which may be relevant to validating information or testifying in court, should also be recorded.

Simplifying to the extreme the protocol of evidence acquisition (data preservation), we could summarise it as the ‘forensic image’ of a device that contains information in a way that replicates a bit-by-bit image, or the structure and contents of a storage device such as a hard disk. This operation is essential to analyse the metadata (and the attributes of the files) contained in the devices. The information contained in the second disk (forensic image) is validated with respect to the information contained in the first by applying an algorithm that generates a unique representation of the dataset. Technically, this process is known as ‘hashing’ and generates a long string of characters that comes to identify that evidence and validate data integrity, ensuring that the information has not been altered.

Incorporating mobile devices in investigations

Data extracted from mobile devices can provide crucial evidence during the execution of an investigation. However, organisations are urged to have proper controls and mechanisms in place to be able to reap the benefits of this critical information. The development of mobile forensics is a subset of digital forensics focused on the recovery of mobile digital evidence in a manner that is acceptable by law.

With the current smartphone penetration in Latin America, as well as the significant dependence on mobile devices in people’s daily lives, it is likely that relevant corporate data will be found on both corporate and personal mobile devices. The rising trend of remote and flexible work and bring-your-own-device (BYOD) contributes to blurring the lines between corporate and personal information. These factors make mobile devices an essential data source during investigations, helping piece together the puzzle or identifying the ‘smoking gun’.

The use of messaging applications and other off-system communications channels for business purposes is under scrutiny from regulators since the information running through those ephemeral messaging platforms are not captured by companies’ record-keeping systems.[17] On 2 and 3 March 2023, during speeches by Deputy Attorney General (DAG) Lisa Monaco[18] and Assistant Attorney General (AAG) Kenneth A Polite Jr,[19] at the ABA’s annual White Collar National Institute in Miami, the US Department of Justice’s (DOJ) Criminal Division announced several policy updates consistent with the initiatives announced in the September 2022 Monaco Memorandum. Among others, the DOJ released an updated guidance on the ‘Evaluation of Corporate Compliance Programs’ (Compliance Evaluation Guidance).[20] Overall, the guidance indicates that company policies on these issues ‘should be tailored to the corporation’s risk profile and specific business needs and ensure that, as appropriate and to the greatest extent possible, business-related electronic data and communications are accessible and amenable to preservation by the company.’ In his 3 March 2023 speech, AAG Polite Jr tied these issues back to cooperation noting that in an investigation:

if a company has not produced communications from . . . third-party messaging applications, our prosecutors will not accept that at face value. They’ll ask about the company’s ability to access such communications, whether they are stored on corporate devices or servers, as well as applicable privacy and local laws, among other things [and a] company’s answers – or lack of answers – may very well affect the offer it receives to resolve criminal liability.

Corporate policies should include both personal and corporate devices and attention should be on how best to segregate personal and corporate data. For example, with mobile devices, the use of two SIMs or the use of WhatsApp Business for corporate matters could help in segregating business and personal communications. In the same way, storage of personal data on corporate devices should be limited and managed appropriately, such as through restricting access or using access logs. Depending on the jurisdiction and policies in place, the organisation may have the right to obtain all corporate data, including any business communication on personal devices. However, appropriate legal advice should be sought in all cases. This also includes how data may be transferred, based on the applicable laws and regulations.[21]

The stage of data preservation would not imply a violation of the right to privacy, since there is no access to protected content. The processing stage is also low risk, since it consists of a series of procedures on the evidence (de-duplication, indexing, filtering, among others) where there is no access to the contents by the operator. It is in the review stage where the forensic accountants could read the documents and evaluate whether they are relevant. In this instance, a reviewer may eventually access protected content. Keyword searches usually help reviewers focus on those documents that would be potentially relevant and related to a business matter.

How is electronic evidence reviewed?

Once the evidence processing stage is completed (in which deleted documents are restored, duplicates are eliminated, documents are indexed and filtered, among others), the data is uploaded to a review platform, whose function is the review and labelling of evidence. All collected and processed data can be uploaded to the review platform, including paper documents that can be digitised using an OCR technology that allows text to be searched in the same way as electronic data. A review platform should encompass the following.

  • Remote access: authorised users access a secure central repository hosting all data sources and case files from any location 24/7 using an internet connection. Highly customisable security rights are desirable. For example, authorised users can control the type of access (e.g., none, read or write) each user has on a document and project level basis.
  • Ability to host all data relating to a matter in one secure place: advanced processing technologies are built to create structure across unstructured data to allow investigators to run searches across a variety of data sources in one go. This could include handwritten notes, work diaries, hard copy files, email, enterprise tools, text messages, voicemail, IMs, file sharing, financial platforms, social platforms, lifestyle audit results, background checks and due diligence reports, and other electronic content that may be stored on desktops, laptops, file servers, mainframes, smartphones, employees’ home computers or on a variety of other platforms.
  • Record all work product in one secure place: advanced review tools provide an automated and detailed document history mechanism that tracks changes made to a document, the person who made them and when the changes were made. Authorised users can be provided with an easy upload document function to integrate all information relating to the matter into the same environment from their desktop.
  • Traditional lexicon-based processes, such as, text extraction/OCR, search index and keyword application.
  • Advanced searching and keyword refinement using natural language processing, latent semantic indexing and machine learning to expedite the identification of key information within the dataset.
  • Ability to visualise email activities to track the flow of information by exploring what emails have been sent to who and determine what email domains have been most accessed.
  • Visual timeline builder for the events, issues and key role players linked directly to the reliable evidence.
  • Automated translation, transcription and redaction tools to enable the searchability of foreign documents and media as well as protecting sensitive information through user-defined terms.
  • Transferable data and insights between multiple cases.

The dataset is filtered by a list of search terms (keywords). Traditionally, this process consisted of listing relevant search terms, such as names, specific keywords, phone numbers, or any other word or phrase that could help identify relevant documents. Those keywords should be tailored based on local jargon. In Latin America, we use corruption related terms in Spanish such as ‘cometa’ (Argentinean slang for bribe), ‘mordida’ (Mexican), ‘corbata’ (Colombian), ‘matraca’ (Venezuelan), among others. While this remains a useful method for identifying relevant documents, many vendors now offer other sophisticated document search and review technologies leveraging artificial intelligence and sentiment algorithms, which could detect and relate unique phrases between unstructured data sets, to refine them to the most relevant information.

These review technologies are broadly classified under the name of ‘predictive analytics’ and provide the building of an intuitive machine learning process and case-specific algorithms on the platform itself. Simply put, once the review is initiated, the platform can learn what the reviewers are searching for and move the most relevant documents to the top of the review batch. This can expedite the identification of the most relevant documents. Other tools include conceptual searches, context searches, metadata searches, relevance classification, clustering, and early case evaluation. To varying degrees, all these processes allow review teams to quickly focus on relevant documents and potentially identify relevant witnesses.

Transaction testing and monitoring

Regulators in the US and across various jurisdictions around the globe have expressed their expectations that organisation’s corporate compliance programmes include a data analytics component. In addition to being able to meet regulatory expectations, organisations are finding that distilling large data sets – such as vendor payments, internal and external communications, social media usage, network activity, customer interactions, cross-border transactions and accounting records – is useful to identify potential anomalies and risky patterns that would be challenging to detect otherwise. Based on a recent global study by the ACFE derived from more than 2,000 real cases of fraud affecting organisations in 133 countries and 23 industries, it underscored the importance of organisations using proactive data analytic techniques. According to the study, when controls were in place using data analytics the average duration of fraud incidents were eight months. However, in cases where no controls were in place, it took 18 months. This represents a 56 per cent faster fraud detection rate when data analytics were in place, ranking it as the number one control to help mitigate fraud.[22]

During the planning stage of an investigation, forensic accountants should discuss with attorneys the types of transactions and analyses that will be completed on the different datasets. The procedures to be carried out (e.g., testing of transactions related to corruption risks) should be discussed and agreed. Based on the forensic accountant’s experience, they could develop specific fraud queries based on the nature of the matter and attributes of the records that are analysed from a selection of transactions (‘targeted sample’). There are several ways to identify the transaction population that should be analysed as part of an investigation. In general, forensic accountants may consider the allegations first, which may detail some particular transactions of interest or may include larger subsets of data.

In the following section, we explore how forensic accountants leverage data analytics to assist organisations in mitigating one of the highest risk areas – that is, payment remitted to its vendors. Following legal counsel’s instructions (so privilege is protected), forensic accountants could conduct an assessment of payments remitted to vendors, which is usually focused on a relevant review period. The procedures to be performed could include:

  • aggregate accounts payable and payments data provided by the organisation from the ERP systems covering, as needed, different subsidiaries and business units.
  • perform analytical procedures on the accounts payable and payments data and public records searches on select vendors to identify higher-risk transactions and vendors;
  • select a risk-based and targeted sample of transactions for further analysis; and
  • request and review vouchers and supporting documentation for sampled transactions.

Risk-ranking methodology using analytical and public records searches

The following table lists examples of risk indicators that could be considered when running analytics on an organisation’s vendor population.

Very highVendors reported by the Tax Authority as issuers of fake invoices (tax credit blacklist)
Very highVendors that are also current or former employees of public entities; this only applies to vendors that are individuals
Very highVendors directly linked with public officials (e.g., a public official is a director or shareholder of a vendor)
Very highVendors that participated as donors of political campaigns (it only applies to individuals that are vendors and participated as donors of presidential or mid- term elections)
HighVendors directly related to those reported by the Tax Authority as issuers of fake invoices (for sharing officers, addresses, employees, assets, among others)
HighVendors that provided services to political campaigns (for advertising, ballot printing, among others)
MediumVendors that also have active employment with other entity (it only applies to vendors that are individuals)
MediumVendors that, according to tax authorities, are not registered as employers or have fewer than five employees
MediumVendors that are (or were) national state contractors or suppliers
MediumVendors that are current or former client employees; only applies to vendors that are individuals
MediumVendors directly related to client employees (for sharing officers, addresses, employees, assets, among others)
LowVendors with activities reported to tax authorities that are considered as high risk of corruption or money laundering activities
LowVendors that have been identified by tax authorities due to potential issues related to tax evasion
LowVendors created in the last six months (from their registration in different taxes).
LowVendors directly linked to other vendors (for sharing officers, addresses, employees, assets, among others)

Once the vendor population has been defined, based on the risks under investigastion, a selection may be made from various transaction-level risk indicators to run analytics based on the ERP data. The following provides a sample list of potential fraud queries:

  • invoices that failed Benford’s law of digit frequency distribution;[23]
  • invoices over the weekend or a holiday;
  • a vendor who submitted multiple invoices with the same date, same amount and different invoice numbers;
  • duplicate invoices (same vendor, invoice number, amount, different date);
  • one-time vendor by year (one invoice a year);
  • payment date before or on invoice date;
  • accounts payable processed faster than average (rush payments);
  • vendor invoice total increases by 100 per cent per period (one year);
  • multiple payments to the same vendor within a specific time period;
  • invoices that have vendors with same address but different names;
  • invoice amount reduced by 80 per cent from one invoice to next invoice;
  • invoice within two days of quarter-end close;
  • invoice splitting (same vendor number, date, invoice number, but different amount);
  • sequentially numbered invoices;
  • invoices with descriptions that contain an FCPA keyword;
  • large invoice value;
  • payment date before or on invoice date;
  • supplier names containing the word ‘cash’;
  • high percentage of round dollar invoices for a vendor;
  • payments over the weekend or a holiday;
  • invoices with uncommon transaction groupings; and
  • invoices with round amounts.

Sampling methodology

A risk-based and targeted sample of high-risk transactions is selected from the ERP data for further analysis, based on the results of the analytical procedures described above. A typical sample selection criteria are listed and categorised as follows:

Category A: transactions hit on transaction risk indicators for ‘very high-risk vendors’

Selected high-risk transactions for each of the vendors directly connected to previous corruption cases (per local news articles and other open sources) and vendors that hit on the very high vendor risk indicators as defined above. High-risk transactions refer to the transactions that had high risk scores based on the tests ran against the transaction risk indicators as defined above.

Category B: transactions hit on transaction risk indicators for high-risk vendors

Selected high-risk transactions for each of the vendors that hit on the high vendor risk indicators as defined above.

Category C: transactions hit on transaction risk indicators for medium-risk vendors

Selected high-risk transactions for each of the vendors that hit on the medium vendor risk indicators as defined above.

Category D: transactions hit on transaction risk indicators for low-risk vendors

  • Selected high-risk transactions for each of the vendors that hit on the Low vendor risk indicators as defined above.

Category E: top 1 per cent of transactions based on transaction risk indicators for very low-risk vendors

  • Selected a targeted sample of transactions that did not hit on a vendor risk indicator but were risk-ranked to be in the top 1 per cent based on transaction risk indicators as defined above.

Category F: other transactions considered for testing purposes

  • Selected high-risk transactions from each of the following populations:
    • ERP transactions that hit on transaction risk indicators for vendors NOT included in Categories A-D; and
    • ERP transactions that did not hit on transaction risk indicators for vendors included in Categories A-D.

Usual outcomes of the transaction testing in Latin America, based on the review of sample supporting documentation

Based on the procedures described above, when managing the risk of corruption in Latin America, the following red flags are normally found:

  • Payments made to potentially higher risk vendors, including entities alleged to be associated with previous corruption cases and vendors that are included in the tax authorities’ blacklists.
  • Payments made to vendors that may be linked to government officials or agencies, including ‘politically exposed persons’ or vendors engaging in political contributions.
  • Vendors that appeared to have circumvented the organisation’s procurement controls.
  • Record retention may appear inconsistent as the nature and quality of support for some transactions is better than others, including:
    • Nature of support: For some transactions, the nature of goods or services provided by the vendors may appear to be inconsistent with their business profile. Although the file may maintain the purchase order, invoice and payment order, there may be limited proof of services as support for these transactions. In other cases, the nature of goods or services provided appeared to be consistent with the vendors’ business profile. However, the supporting documentation may be generally limited, and the information provided may not allow the forensic accountants to further evaluate the costs in the context of the broader tender to which the invoices were related.
    • Inconsistent procurement process and determination of price reasonableness: the procurement processes may be inconsistent, and, in many instances, the supporting evidence may not include documentation related to the process for selecting vendors or procedures to obtain competitive bids. Based on the information contained in the supporting documentation packages, some cases will present challenges to determine if the invoiced amounts are reasonable and commensurate with the fair value for the goods or services provided. Also, transactions sampled may relate to advance payments associated with goods or services, which fair value cannot be determined.
    • Insufficient proof of services: same transactions may include copies of work certificates (services) or delivery orders (goods). For some transactions (e.g., marketing-related vendors), the organisation may provide examples of reports evidencing the services rendered; however, there may be instanced where the forensic accountant is unable to tie these reports to individual invoices.
    • Method of payment: when the organisation pays most of its vendor’s pending invoices by issuing checks, it is quite common that the transaction support may not include documentation (e.g., copies of cancelled checks) that would allow the forensic accountants to confirm the beneficiary or recipient.


The SEC and DOJ’s decisions have shown that severe negative effects on an organisation’s ability to operate can occur if they do not follow their expectations related to third-party risk management, proper evidence collection methods and leveraging data analytics to efficiently cull through large data sets. While executing these procedures, the legal and financial worlds are intertwined, and in many cases, they require collaboration to resolve complex legal disputes, regulatory issues and investigations. Attorneys and forensic accountants are two professions that can complement one another to achieve optimal results for clients.

Forensic accountants can provide valuable assistance to law firms in a variety of ways, such as by analysing financial data to detect and prevent fraudulent activities, identifying financial red flags and ensuring regulatory compliance. Leveraging their expertise in accounting and investigation techniques, forensic accountants can assist attorneys with due diligence, regulatory compliance, fraud prevention, computer forensic analysis, transaction testing for identifying financial red flags, among others.

The organisations that implement solid integrity programmes, especially in regions that pose high-risk, will be best positioned to mitigate its risks and protect themselves against potential sanctions and fines.


[1] Nelson Luis is a partner and serves as Deloitte’s forensic services practice leader for the Spanish Latin America region, and Raúl Saccani and Fernando Peyretti are partners at Deloitte.

[2] American Institute of Certified Public Accountants. Forensic & Valuation Services Executive Committee, ‘AICPA: Statement on Standards for Forensic Services No. 1’ (2019).

[3] Occupational Fraud 2022: A Report to the Nations. Copyright 2022 by the Association of Certified Fraud Examiners, Inc.

[4] Corruption Perception Index 2022, January 2023, available at:

[5] Global Corruption Barometer for Latin America and the Caribbean 2019, September 2019, available at:

[6] Financial Crime in Latin America and the Caribbean: Understanding Country Challenges and Designing Effective Technical Responses, October 2021, available at:

[8] International third-party due diligence, Jessica Raskin, 2019, available at:

[9] US Department of Justice Criminal Division Evaluation of Corporate Compliance Programs, available at:

[10] US v. Alcatel-Lucent Trade lnt’I, A.G.

[11] US v. Titan Corp.

[12] International third-party due diligence, Jessica Raskin, 2019.

[13] International third-party due diligence, Jessica Raskin, 2019.

[14] Managing third party risk, Transparency International, June 2016, available at:

[15] Available at Last access April 4th 2023.

[16] Linda Sheehan, Navin Sing, Greg Rammego and Clayton Thomopoulos, Key areas for collaboration between lawyers and e-discovery professionals in South Africa, February 2021.

[17] Andrew M Levine and Chana Zuckier, The messaging dilemma: grappling with employees’ off-system communications, February 3rd 2023, available at: Last access April 4th 2023.

[20] Available at Last access April 4th 2023.

[21] Cezar Serhal, Natalie Forester and Faiz Ali Khan, ‘Blurred lines: Incorporating mobile devices in corporate investigations’, Spring 2022, Deloitte Middle East.

[22] Occupational Fraud 2022: A Report to the Nations. Copyright 2022 by the Association of Certified Fraud Examiners, Inc.

[23] First digit of invoice local currency amounts is identified using Benford’s law of uniform distribution to identify outliers for specific digit anomalies.

Unlock unlimited access to all Latin Lawyer content