8 Underrated Critical Types of Evidence in Email Reviews


Sundaraparipurnan Narayanan
Associate Director of Forensic Services, SKP Business Consulting

In the current electronic age, e-discovery is considered one of the key approaches for gathering evidence in litigation and investigations into misconduct. With new tools being created to help uncover and understand electronic data, the industry is evolving to new heights. When there is a large amount of data to review, the process requires a purpose-led approach to ensure the evidence is compiled objectively and accurately.

E-discovery reviews are based on keywords, timelines and communication patterns relevant to a purpose or defined objective. Amidst multiple aspects — like the nature of email threading, parent-child linkages, text analytics and communication patterns considered for review — the following eight elements are essential types of email evidence to not overlook in your examinations:

  • Calendar: A potential subject may schedule meetings that are contextually important to a case.
    Example: In a Foreign Corrupt Practices Act investigation, a calendar appointment with an individual at a posh restaurant a few days prior to the approval for a regulatory license may be relevant if the individual’s name in the appointment and the name of the public official providing the license are the same or similar.
  • Automatic email: Dates mentioned in an automated out of office response may be important for connecting a chain of events associated with a concerned individual.
    Example: If the dates of out of office responses sent during a vacation conflict with contract negotiation dates with a third party it may be a red flag to look into.
  • Travel and hotel information: Travel and hotel booking information can contain vital evidence.
    Example: In a kickback investigation, payment details as part of a travel or hotel booking voucher that contain the name of a payee/credit card holder may be relevant to correlate an employee’s relations with a suspected vendor/third party.
  • E-commerce purchases/email alerts: Alerts from e-commerce sites or courier agencies can play key roles in examinations.
    Example: A dispatch intimation from a shipper from a suspected third party to an employee’s personal address may be relevant for further enquiry in a conflict of interest or kickback investigation. Similarly, banks and financial institutions send alerts (on cash deposits, exceeding limits, swipe of card in unusual locations, etc.) as email alerts. These email alerts may be relevant in a chain of events to correlate and corroborate with the available information in the context of a review.
  • Group/other registrations: Email IDs registered with certain sites (gambling, pornographic or dating) and emails received from such sites may be relevant during investigations into misconduct.
  • Task classification (flagging): Task classification and completion are used for the convenience of tracking key activities/communications. Such tagging may highlight certain patterns.
    Example: A pattern of prioritizing the approval of third party invoices over others along with task classification by a user department representative, who is using the services of the concerned third party, may show possible indications of favoritism by the employee.
  • Self-emails, notes/task listing: Many individuals send emails to themselves as a reminder, notification, to-do list, etc.
    Example: A self-email by an accountant containing the phrase ”change estimations” may be relevant in a financial statement fraud. It is necessary to understand that some of the content mentioned in self-emails may not necessarily have the keywords identified as relevant for the case. Similarly, subjects may update their tasks/notes as part of their email service, which may contain messages of evidentiary value.
  • Folder structures: Every individual has a way of organizing their email communications. This includes the way the individual has classified their folders within their email service or the archival methodology they had adopted. These aspects provide necessary insights in understanding which folders contain relevant information.

Reviewing digital data for evidence requires objective-driven searches in order to understand and interpret a given circumstance. Awareness of possible alternative evidence provides the ability to anticipate and look for some of the above categories of communications in search of evidence. While not all these categories may be relevant in every case, these are vital ways to find the evidence needed to detect fraud.

Frontline Impact: 3 Practices For Creating Organizational Fraud Awareness


Katherine Peavy
Head of Program Management
Center for Responsible Enterprise And Trade (CREATe.org)


Consider the fines in three recent Foreign Corrupt Practices Act (FCPA) cases:

  • In July 2014, gun-maker Smith & Wesson settled FCPA charges with the Securities and Exchange Commission (SEC), paying $2 million in fines and disgorgement.
  • In December 2014, the Bruker Corp. settled an FCPA enforcement action with the SEC for $2.4 million.
  • Also at the end of 2014, France’s Alstom S.A. pled guilty to corruption charges and was fined $772 million by the Department of Justice (DOJ).

While the fines in these cases are large, rarely is the frontline impact to employees, managers and shareholders discussed. At the very least, employees involved in the corrupt acts have their employment terminated. But often you see companies involved in FCPA cases laying off large numbers of employees, or even selling business units as Bruker and Alstom did. Additionally, stock prices take a hit, at least temporarily, when a DOJ or SEC case against a company is announced. For example, Smith & Wesson’s stock price in June 2014 reached $16.68 per share, but after the settlement announcement in July, it plummeted to nearly half that with a low of $9.54 per share in October.

Fines, investigative costs, legal fees and loss of employee, customer and shareholder trust all take a toll. At the Center for Responsible Enterprise And Trade (CREATe.org), our work on anti-corruption compliance programs with multinational corporations has highlighted areas where companies need to improve management processes and increase organizational awareness of anti-corruption compliance. It is precisely at the frontline with employees where companies need to invest resources in order to create the organizational awareness that will prevent fraud and protect jobs, profits and share prices. 

There are many steps companies can take to fully embed anti-corruption programs across an organization. As a starting point, below are three practices for improving organizational awareness around anti-corruption compliance from CREATe’s whitepaper, Why Anti-Corruption Programs Fail: Turning Policies into Practices.

  1. Engage Your Employees
    In both the Smith & Wesson and Bruker cases, the companies failed to engage employees in foreign offices sufficiently to communicate policies and procedures designed to prevent corruption. Engagement on anti-corruption management practices must go beyond translating Codes of Conduct and Statements of Ethics into local languages.

    A key success factor in engaging frontline employees in preventing corruption is communication by their own leadership. Germany’s Siemens implemented a process the company calls “Integrity Dialog,” in which managers discuss recent compliance matters with their teams. The dialogs serve the dual purpose of engaging employees and managers in discussions on anti-corruption compliance.
  2. Focused, Customized Training and Communications
    The DOJ’s press release announcing Alstom’s settlement of corruption charges noted that even after a previous corruption case, the company did not implement specific training and communications to set expectations for employees in preventing corruption.

    In complex global businesses, annual training on anti-corruption compliance often isn’t enough. Using more routine communications via onsite meetings by senior compliance leadership and the company intranet, and customizing training to the region, is critical to closing the gap in training and communications.
  3. Encourage Reporting and Questions
    The ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse notes that in detecting corruption:

    Tips are consistently and by far the most common detection method. Over 40% of all cases were detected by a tip — more than twice the rate of any other detection method. Employees accounted for nearly half of all tips that led to the discovery of fraud.

    Indeed, most of the high profile corporate fraud cases of the past 20 years, from Enron to Madoff, were uncovered due to courageous whistleblowers alerting the company, the government or the public to the situation.

    For the whitepaper Why Anti-Corruption Programs Fail, CREATe interviewed a number of compliance executives who stated that a critical tool in their compliance programs is encouraging reporting and questions. Actions include offering incentives such as an annual Chairman’s award to whistleblowers and employees who have stood up for anti-corruption compliance in the organization. Some of the same compliance executives state that they also hold one-on-one meetings with employees in different offices to emphasize company support for reporting and questions on corruption prevention.

In CREATe’s work with the employees and suppliers of global organizations, cascading management systems that include policies and procedures to prevent corruption is key to a company’s success with its anti-corruption compliance program. Engaging employees, focused and customized training, and encouraging reporting and questions leads to frontline organizational awareness of the management systems and business processes that are critical to detecting and deterring fraud and corruption.

Katherine Peavy is head of program management for the Center for Responsible Enterprise And Trade (CREATe.org), a non-governmental organization dedicated to helping companies around the globe prevent piracy, counterfeiting, trade secret theft and corruption. She is a global compliance executive with more than 15 years' experience in China managing multicultural teams to implement compliance programs and complete corruption investigations, most recently for Wal-Mart.