New Deloitte Middle East whitepaper tackles collection of forensic records in GCC… 

WHEN A company’s management takes the serious decision to commission a forensic data collection, it usually involves sensitive, stressful and potentially risky circumstances such as fraud, litigation or a regulatory breach.

The process involved, from a GCC viewpoint, is explored in a new Deloitte Middle East whitepaper titled ‘Forensic Data Collection in the GCC: Ensuring your electronic review doesn’t fall at the first hurdle’.

“At this sensitive point in any company’s business, it is imperative that the management ensures that they get value for money, the right advice, the right solution and know how to avoid the whole process being undermined from day one,” said Rick Barker, director and Head of Forensic Technology at Deloitte Corporate Finance Limited, Middle East.

Prohibited activities

In the whitepaper, Deloitte identifies three common scenarios that might necessitate a forensic collection in GCC countries. The first is international companies, usually with exposure to the US or UK, who would need to investigate allegations of prohibited activities in their local branch office or subsidiary, which may have to be reported to a regulator.

Typically this relates to allegations of bribery of foreign government officials or transactions with sanctioned countries. The second scenario is for companies in arbitration or litigation where there is a need to identify relevant documents or communications for disclosure. The final common collection scenario is where a company’s management is investigating staff for misconduct and dishonesty, usually related to fraud or ‘kick-back’.

“When the management of a company deems forensic data collection to be necessary, they expect that the collection and review process will be effective and not expose them to further risk,” explains Barker, who advises companies in forensic data collection.

Complying with laws

The Deloitte whitepaper also looks at a number of aspects in the collection process, in particular in relation to complying with data laws. The whitepaper notes that it is critical to take into consideration the complete scope of legal constraints of the jurisdiction in which the collection is undertaken, and potentially, any associated jurisdictions. It also answers the question of whether foreign laws can be ignored in the GCC during the process. Tips on how to go about seeking legal advice, as well as important recommendations for the technical aspects of data collection to ensure key evidence is not overlooked are also included.

Getting the forensic data collection right ensures a firm foundation for subsequent reviews, findings and legal action.

On this, Barker says that “With so much at stake, companies and their legal advisors cannot afford to make assumptions or make avoidable mistakes.”