Global investigations today demand multidisciplinary expertise to address financial misconduct, fraud, and complex regulatory challenges. Forensic accounting plays a vital role by uncovering financial irregularities, analyzing data, evaluating internal controls, and supporting legal teams through precise, evidence-based insights. This chapter outlines how forensic accountants, technologists, and intelligence specialists work together to identify wrongdoing, assess risk, and strengthen compliance in a rapidly evolving business landscape.

Posted In:

GIR The Practitioners Guide to Global Investigations
November 12, 2025
Share

This article was first published in Global Investigations Review in October 2025; for further in-depth analysis, please visit GIR The Practitioner’s Guide to Global Investigations – Edition 10.

Introduction

The modern business landscape is increasingly complex, characterised by a web of regulations, complicated cross-border transactions and exponential changes in technology and data volume. While this environment creates countless opportunities for corporate growth, it also increases the risk of fraud, waste and abuse and the need for comprehensive investigations when misconduct is suspected. Global investigations today require teams with diverse expertise, including lawyers, forensic accountants, forensic technologists, data analysts, business intelligence specialists and industry experts.

At the heart of global investigations are numerous operational, legal, technological and, of course, financial issues. These functions are often intertwined and require thoughtful coordination among investigators. As accounting is sometimes referred to as the language of business, it follows that complex global investigations require experienced financial interpreters to make sense of vast corporate records and data. Forensic accountants and related specialists serve as essential partners in global investigations and litigation proceedings. Bringing specialised expertise in fraud detection, auditing, quantification of loss, data analysis and internal controls, forensic practitioners help distil facts to answer investigative questions of who, what, where, when, why and – importantly – how.

This chapter explores global investigations from the perspective of US forensic accounting, technology and intelligence experts working in close collaboration with legal teams. We discuss types of forensic specialists, considerations for scoping, working with stakeholders, common procedures and other nuanced practice areas. Forensic skill sets apply to countless types of misconduct investigations, including financial statement fraud, misappropriation of assets, corruption, healthcare fraud, money laundering, sanctions violations, cyber-enabled fraud, digital asset misuse or non-compliance with internal controls – just to name a few.

Anatomy of a forensic accounting investigation

There are a few authoritative standards governing forensic accounting services. In the United States, the American Institute of Certified Public Accountants has issued Statement on Standards for Forensic Services No. 1, which provides guidance to CPAs providing forensic services to clients. This standard notes that ‘forensic’ means ‘used in, or suitable to, courts of law or public debate’ and forensic accounting investigations are matters:

conducted in response to specific concerns of wrongdoing in which the member is engaged to perform procedures to collect, analyze, evaluate, or interpret certain evidential matter to assist the stakeholders (for example, client, board of directors, independent auditor, or regulator) in reaching a conclusion on the merits of the concerns.[1]

Notably, US forensic standards do not prescribe specific procedures that must be undertaken in a forensic investigation (unlike a financial statement audit in accordance with Generally Accepted Auditing Standards, which must follow detailed standards).[2] Instead, forensic matters require professional judgement and consideration of the specific facts and circumstances when determining scope, procedures, findings and recommendations. Practitioners rely on their extensive experience, knowledge of common schemes and non-authoritative guidance when designing and executing procedures tailored to suit the allegations at hand. Factors often considered when planning forensic investigative procedures may include, but are not limited to:

  • engagement structure, including privilege considerations;
  • suspected schemes, allegations and relevant affected financial areas;
  • data and information available;
  • potential technology tools to employ;
  • internal control environment, control activities, prior findings;
  • roles of and accessibility to, witnesses for interviews;
  • geography, including local jurisdictions, laws, regulations and risk profile;
  • cost and complexity of the procedures contemplated, weighed against benefits expected;
  • interested stakeholders (e.g., investors, regulators, board committees, banks, auditors); and
  • oversight and reporting structure of the work undertaken.

While every investigation presents unique circumstances and challenges, many forensic investigations bear similar traits. It is common for forensic accountants, technologists and intelligence specialists to collaborate with counsel to approach complex investigations in phases, which include the following:

  • Engagement structure and privilege protection: Many investigations are structured such that forensic professionals are engaged through counsel to preserve privilege. While forensic professionals sometimes work directly through a corporation, working under counsel ensures that sensitive communications and work product remain protected.
  • Initial assessment: Successful forensic investigations often begin with preliminary interviews and high-level fact gathering to identify key areas of concern and related evidence sources. This triage phase enables investigators to allocate resources effectively and develop targeted investigative work plans to focus on key risks.
  • Evidence collection and analysis: Modern investigations demand robust document preservation and collection procedures that utilise advanced technology platforms to gather, organise and analyse relevant data and documentation. Forensic technologists preserve and interrogate evidence, such as data from communications systems (email), devices, chat platforms, systems data and other business records, which serves as the backbone of many of the analyses conducted by forensic investigators.
  • Financial forensic analysis: Leveraging data from evidence collection procedures, forensic accountants analyse various financial and operational information, focusing on the issue subject to investigation. Forensic accountants are adept at identifying patterns, assessing the substance of transactions, interpreting complex financial information and identifying control vulnerabilities.
  • Forensic data analytics: Forensic data analytics specialists utilise knowledge of database systems, tools and methods to mine data efficiently. Data analytics is critical for investigators to uncover patterns, anomalies and evidence of misconduct that traditional auditing and accounting methods might miss.
  • Business intelligence: Many global investigations require collecting information from outside the organisation to gain insight into employees, vendors, customers or other entities. Business intelligence research is an invaluable resource in forensic investigations, shedding light on individuals, entities and connections that are often opaque in internal corporate records.

Given the unique nature of every matter and organisation under scrutiny, the precise scope, timing and procedures performed by forensic specialists are not one-size-fits-all. Experienced practitioners, by necessity, will exercise professional judgement and tailor each investigation to the allegation or suspected wrongdoing. The sections in this chapter provide deeper insight into the various roles of forensic practitioners in global investigations, including forensic accountants, technologists and business intelligence specialists and the relevant tools brought to bear.

Role of forensic accountants

Working closely with counsel, forensic accountants serve as the financial eyes and ears of a broader investigative team. With multifaceted expertise in accounting, auditing, financial reporting, interpreting business records, quantitative analysis, internal controls and interviewing, forensic accountants are skilled at uncovering pertinent evidence to assess whether misconduct has occurred and its relative impact on an organisation quantitatively and qualitatively.

Additionally, many forensic accountants have extensive experience dealing with complex regulatory enforcement matters and legal disputes. They often practise in front of, and are sometimes engaged by, government agencies, such as the Securities and Exchange Commission, Department of Justice (DOJ), state attorneys general and international equivalents. As such, forensic accountants bring a valuable perspective on complex financial issues against the backdrop of attendant legal and regulatory risks.

Evidence gathering

When engaged early in the investigation, forensic accountants can provide critical input about which types of accounting and business records it is important to gather for a thorough assessment of suspected business misconduct. This can include identifying relevant custodians or file storage locations likely to have information required to probe an allegation, business process or financial transaction and which should be preserved. They can assist in identifying important systems and capturing relevant data for complex forensic analytics, including accounting entries, detailed subledger data (e.g., inventory movements), reimbursable travel and entertainment records, case management data, vendor information, disbursement data, human resource data and payroll records.

Investigations face unique challenges surrounding messaging, cloud collaboration and ticketing platforms, which generate large volumes of short-form communications and embedded documents, and can be challenging to preserve and reconstruct. Many communications are encrypted, requiring specialised tools or cooperation to access, or utilise short retention periods leading to ephemeral communications. Combined with the exponential growth of enterprise data sources, this creates a complex, resource-intensive environment for investigative teams, requiring them to identify these sources early and plan for capture and conversion into a reviewable format.

Interviews

While document and data analyses can reveal inconsistencies or suspicious transactional activity, interviews are an invaluable tool for forensic accountants as they provide context, detailed explanations and even admissions during fact-finding. Experienced forensic accountants can help validate facts, uncover hidden details, assess credibility and form a coherent narrative.

Interviews are typically conducted jointly with investigative counsel, providing complementary but unique viewpoints in real time. Forensic accountants can help ensure interviews address nuanced financial topics, with deliberate questions informed by a deep understanding of accounting standards, business operations, financial behaviour and internal controls. Lawyers naturally approach interviews from a legal mindset, focusing on fact-finding relevant to assessing regulatory compliance, liability and employment law issues, among other things. A forensic accountant may approach the same conversation with a different lens, seeking information to assess financial concerns, accounting irregularities and important facts to build a complete and accurate financial narrative.

Beyond the surface of books and records

Reviewing and analysing an organisation’s books and records is a foundational element of forensic accounting investigation. A company’s books and records generally include, but are not limited to, its financial statements, related supporting documents (invoices, purchase orders, bank records, etc.), a general ledger of all accounting entries and other data sources across numerous corporate functions. Forensic accountants serve as skilled interpreters of business records, helping investigative teams understand the true economic substance behind transactions compared with how they were documented or accounted for.

Forensic accountants are trained to look beyond the surface of business records –seeking out indicia of procedural and factual irregularities that may call into question the authenticity of records or appropriateness of business activities. Forensic accounting specialists also analyse business records for patterns and corresponding outliers signalling improper or unusual activity; for example, purchase orders exceeding approval limits, unauthorised transactions or suspicious recurring payments to new vendors can indicate heightened risk activities requiring follow-up.

Forensic analysis considers all relevant documents, not just those specifically labelled as the ‘support’ for a transaction or arrangement. Forensic accountants assess underlying transaction documents concurrently with other evidence, such as emails, interviews, business intelligence findings and transactional accounting data, to understand and corroborate the full context of the transactions. Depending on the nature of the suspected wrongdoing, investigative techniques will be tailored as needed with the subject matter, scheme or scenario in mind.

To use a common scheme encountered in global corruption investigations, consider a scenario where a company pays a vendor in a high-risk jurisdiction for general consulting services. A trained forensic accountant would evaluate the arrangement by reviewing the payment itself and other documents to corroborate the substance of the transaction. This might include relevant contracts, banking information, vendor due diligence documents, consultant deliverables, emails, text messages and internal control documentation. Information from business intelligence research on the vendor might also supplement evidence regarding the corporate structure, when and where the entity was established, key individuals, reputation and whether involved parties include politically exposed persons (PEPs). Analysing these evidence sources in tandem provides a far more comprehensive view to support the investigation and conclusions.

When investigating potential financial statement fraud, a forensic accountant often focuses on whether the company’s reported results were appropriately accounted for in accordance with relevant accounting standards, such as the US Generally Accepted Accounting Principles. This determination is based on the forensic accountant’s experience, education and training; for example, determining if revenue was recognised in the appropriate reporting period requires analysing underlying records such as the contract, shipping records, acceptance confirmations, payment information and corresponding accounting entries.

In an investigation of potential misappropriation of assets, a forensic accountant’s goal is to ascertain whether funds or resources may have been diverted. This process often begins with reviewing the general ledger, bank statements and supporting documents, such as invoices, purchase orders and payroll records. The forensic accountant looks for inconsistencies, such as duplicate or fictitious vendors, payments to unfamiliar accounts, unusual asset write-offs or inflated expense reimbursements. To test accuracy, they may also reconcile recorded transactions against third-party evidence, such as bank confirmations or third-party correspondence.

Evaluation of fraud risk indicators

Forensic accountants are adept at evaluating whether specific facts or circumstances suggest an elevated risk of fraud. These potential warning signs, commonly referred to as fraud risk indicators or red flags, do not, on their own, constitute evidence of misconduct or wrongdoing.[3] However, they signal areas that may require deeper scrutiny and closer examination.

Identifying fraud risk indicators is typically based on a combination of the practitioner’s professional experiences with schemes, scenarios and patterns observed in other matters and professional guidance that describes conditions commonly associated with fraud, waste and abuse.

This also involves benchmarking observed facts and circumstances against common characteristics of higher-risk conditions, transactions, arrangements, relationships or practices. In a case involving potential corruption, for example, a red flag may be frequent or unusually large recurring payments to a single vendor labelled as ‘commissions’, lacking a clearly defined business purpose or supporting documentation. Through this process, forensic accountants can focus investigative efforts and determine whether anomalies are isolated incidents or signs of broader systemic issues.

Assessment of internal controls

While corporate investigations are largely aimed at fact-finding to assess whether misconduct has occurred, understanding how misconduct occurred is crucial. Weak, poorly designed or missing controls may be a root cause that has enabled underlying fraud or misconduct. Without examining how controls functioned – or failed – during the period in question, investigations can fall short of identifying and remediating true weaknesses that allowed wrongdoing to occur in the first place.

Forensic accountants are knowledgeable about systems of internal controls, including those following common frameworks such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO).[4] This experience and knowledge can be applied in numerous ways:

  • risk assessment, including with respect to fraud, waste and abuse;
  • evaluating control environment and ‘tone at the top’;
  • testing internal controls;
  • identifying control weaknesses;
  • conducting root cause analyses; and
  • recommending corrective measures to strengthen the organisation’s controls.

Risk assessment, a foundational component of the COSO Framework, is central to forensic accountants’ role in investigations. Forensic accountants help identify potential fraud risk indicators, including through scheme and scenario analysis. This involves studying the misconduct to identify how fraud occurred and conducting forward-looking ‘what-if’ evaluations of potential misconduct areas or future risks relating to the identified scheme.

For global investigations, organisations (especially US-based companies) should be conscious of regulatory and other similar authoritative guidance and standards that may apply. Identifying root causes, testing internal controls and beginning remediation as part of the investigation can demonstrate good-faith efforts to address misconduct and support a more favourable resolution of potential enforcement action (e.g., reduced fines and penalties). The DOJ stresses the importance of organisations showing they have conducted comprehensive root cause analyses, addressed those root causes and implemented effective compliance programmes in seeking credit for ‘timely and appropriate’ remediation.[5]

Forensic accountants routinely perform detailed root cause analyses to understand why prior internal controls failed by examining design flaws, operational gaps, deliberate circumvention or cultural issues. Control failures often stem from corporate cultures that tolerate non-compliance. Therefore, attention to ‘softer’ cultural controls (e.g., tone at the top) is crucial, as implementing only technical fixes (e.g., new policies) can fail to address any underlying attitudes and incentives that influence employee conduct.

Multinational organisations face varied jurisdictional regulatory expectations, business practices and cultural contexts. Effective controls in one country may be ineffective elsewhere. By incorporating holistic control assessments into global investigations, organisations can distinguish between localised failures and systemic weaknesses across geographies. This enables remediation efforts that are globally consistent yet locally adaptable, strengthening overall compliance programmes and internal controls.

Working with stakeholders

Complex investigations, particularly those focused on financial misconduct, involve numerous internal and external stakeholders of which investigative teams must be mindful. Given their understanding of each party’s perspective, the role of forensic accountants is often crucial in interactions with these stakeholders. Interaction with company personnel, including audit committees and accounting, legal, internal audit and compliance teams, is critical for fact-finding.

Outside parties can be core stakeholders for successful investigations, in particular a company’s auditors and regulators:

  • Auditors: Forensic accountants understand auditors’ professional requirements, documentation standards and internal risk management protocols. As a result, forensic practitioners can provide valuable assistance to an organisation as it navigates external auditor interactions during investigations, while advising counsel on auditor requirements and the inherent tension between information sharing and maintaining privilege.
  • Regulators: Seasoned forensic accountants possess deep regulatory experience, including knowledge of the priorities and perspectives of regulators on financial, accounting and reporting issues. This helps assess exposure to potential charges and facilitate productive discussions with regulators over the course of an investigation.

Data science and analytics in forensic investigations

Forensic data analytics is a staple of large investigations. The proliferation of data affects all corporate functions, from accounting to sales, supply chain and so on. This data-rich business environment offers a wealth of evidence for forensic investigators but also requires specialised analytical skills to mine data efficiently. Just as forensic accountants understand financial transactions, fraud schemes and digital footprints left behind in systems, data analytics specialists understand how to extract large volumes of data from disparate systems against which to apply advanced analytical testing.

Paired together, the forensic accountant and data analyst team provides a powerful design and build combination to uncover patterns, anomalies and evidence of misconduct that traditional auditing and accounting methods might miss. Data analytics facilitates forensic investigations of any scale but is paramount to success in large matters involving multiple entities and an extensive, multi-year scope period.

Analytics technologies, particularly those enhanced by artificial intelligence (AI), can process data spanning millions, or even billions, of records and more efficiently produce records of interest by applying simple rule sets or other detective algorithms. This leads to finding efficient answers, reducing human error from manual record reviews and allowing professionals to focus on explaining patterns and anomalies in responsive areas, rather than on labour-intensive tasks to find the proverbial needle in a haystack. Analytics not only saves time and money, it scales across large volumes of information, provides an audit trail of the steps performed and helps ensure defensible results in legal proceedings.

Data analytics process overview

After collecting relevant data, records are typically stored in a database or other review platform for analysis. Data can be structured, such as a payment ledger with organised and labelled columns and rows, or unstructured, such as electronic free text in a written policy document. Once uploaded to an appropriate analysis tool, the data is aggregated, checked for reasonableness and completeness, and then used by forensic investigators who develop queries, data tests and other bespoke analyses.

Data sources typically cover a variety of functional, operational and financial activities. In some cases, data not maintained on company systems can be derived from third-party documents, such as bank statements, that are scanned and transcribed. Examples of common data sources include the following:

  • Structured data:

◦ accounting general ledgers;

◦ payment and cash disbursement ledgers;

◦ vendor master files;

◦ inventory transaction ledgers;

◦ payroll data; and

◦ travel and entertainment (T&E) system data.

  • Unstructured data:

◦ corporate policy documents;

◦ electronic communications, such as email, text and instant messages;

◦ compliance reports;

◦ contracts;

◦ memoranda;

◦ meeting minutes; and

◦ interview notes.

In broad terms, forensic data analysis is designed to identify records or cohorts with attributes indicating heightened risk of fraud, waste and abuse. This may include outliers from expected norms, transactions with suspicious traits, or patterns that can help investigators corroborate or disprove suspected misconduct. In some cases, analytical methods may not require detailed knowledge of a business or its operations to uncover anomalous behaviour, while in others, they can be highly specific to the entity, business unit or even person.

Applying data analytics to core forensic investigative strategies

Data-driven analyses can range from general tests to identify common red flags, such as round dollar transactions, or be highly customised to a particular company, risk profile or scheme. Analyses can be based on one data set or multiple data sets from disparate systems compared against one another. Common techniques in forensic investigations include pattern recognition, anomaly detection and reverse proof – that is, using data to prove that legitimate behaviour does not coincide with facts and records.

  • Pattern recognition is a forensic data analytics technique that establishes what is normal, expected or typical, such that variances stand out. Visualisation tools are commonly used for pattern recognition. They may be as simple as trendlines or bar charts in Microsoft Excel, or more advanced geospatial, heatmap and multi-variable visual dashboards assisted by visualisation software.
  • More advanced pattern recognition can include machine learning and clustering analysis to identify and group items with similar characteristics for further investigative focus. These techniques can be driven by parameters specified by an analyst (supervised techniques) or determined algorithmically (unsupervised techniques). The primary difference between supervised and unsupervised techniques is the level of direction given by an analyst regarding what attributes are most relevant when identifying patterns.
  • Anomaly detection encompasses many different methods to identify suspicious activity. It can often be as simple as applying a rule set to data, such as looking for duplicate transactions (e.g., same invoice number referenced in multiple payments). Applying a ‘fuzzy’ search technique to look for approximate matches in records can yield results that a traditional rule-based analysis might not find. In the example of searching for duplicates, fuzzy matching would flag payments for invoices 12345, 12.345 or 12345A as potential duplicates.
  • More advanced anomaly detection techniques include querying data for invoices without matching purchase orders, flagging records with missing data fields or comparing distinct information sources to identify unusual ratios against a benchmark (e.g., gross margin derived from revenue and product cost). Benford’s Law[6] testing is sometimes used to detect anomalous distributions in the beginning digits of records in large data sets, such as expense reports or journal entries. Deviations from this phenomenon can be an indicator of anomalous activity.

Most complex forensic investigations use multiple different analytical techniques, data-driven tests, data sources and technology tools. Rather than assessing separate findings in silos, forensic investigators often aggregate results using methods to create composite risk scores across the data sources being studied. This can include risk scoring payments, vendors, accounting entries, personnel, departments, products or virtually any categorical information assessed through forensic data analytics.

Beyond financials: non-financial and external data analytics

Data sources that inform investigations are not always financial. Other operational data can supplement analyses with useful qualitative information. Some examples include:

  • inventory reports;
  • human resources records;
  • shipping reports;
  • customer complaints;
  • foot traffic metrics;
  • telecommunication logs;
  • network access logs;
  • training data;
  • health and safety data;
  • hotline reports; and
  • third-party databases, such as PEP or sanctioned entity lists.

Coupling analysis of financial data with non-financial data can help investigators construct event timelines, identify or eliminate persons of interest, reveal patterns of behaviour and highlight discrepancies between reported and actual activities that help corroborate or refute other evidence. Furthermore, analysing disparate data sets in conjunction with one another can bring to light otherwise unknown correlations and insights that are useful to investigators. While there are virtually unlimited possible scenarios, the following are simplified examples of multi-data set use cases:

  • Compare logs of sales personnel interactions with customer prospects in customer relationship management data to T&E reports to identify non-compliant meals, travel or entertainment.
  • Compare hourly timekeeping records to network or building access data to identify inflated hourly or project reporting.
  • Compare information from the vendor master file, such as address, tax identity or vendor email, to the employee master file to identify vendor fraud.
  • Compare directors or officers of suspicious vendors to PEP lists to identify interactions with high-risk individuals or entities.

Corporate intelligence and public record research

Forensic investigations often require evidence to be collected from outside the target organisation to fill information gaps and provide additional insight into potential misconduct. Experienced business intelligence practitioners are invaluable in forensic investigations, often uncovering difficult-to-find information from public records and open sources on companies, individuals, vendors, customers or other entities of interest. They can identify connections often absent from internal corporate records, verify details about corporations and their operations, assess track records, identify reputational risk indicators with suppliers and call attention to red flags requiring further investigation.

Business intelligence research comprises a combination of procedures that can be tailored to specific investigative needs. Intelligence-gathering procedures must be conducted in strict accordance with the applicable laws and regulations of each relevant jurisdiction. Professionals must comply with local privacy laws, data protection regulations and industry-specific requirements, including the European Union’s General Data Protection Regulation and other regulations concerning personally identifiable information, particularly when handling cross-border data. Typical sources and methods include the following:

  • Open-source intelligence collection: This forms the foundation of business intelligence investigations, encompassing publicly available information from various databases. Corporate registries provide details on business formations, ownership structures and regulatory filings, revealing shareholder compositions and corporate relationships. Court records document criminal, civil and bankruptcy proceedings, illuminating legal histories and business practices. Global sanctions databases identify restricted parties and other compliance risks.
  • Non-public records and lawful access: Non-public records may be accessed through legitimate channels, including credit reports, customs data and business licences obtained via official requests. This requires careful attention to legal authorisation and procedural requirements, which vary across jurisdictions.
  • Human intelligence networks: When documentary sources prove insufficient, human intelligence provides insights into organisational culture and operational realities. Professional analysts develop networks of informed sources across industries, regulatory bodies and regions. Effective human intelligence relies on cultivating relationships with well-positioned individuals who discreetly share insights. Intelligence professionals develop an understanding of local business practices and cultural contexts that are essential for distinguishing normal behaviour from problematic behaviour.
  • Analytical framework: Intelligence professionals employ iterative methods, developing and testing hypotheses against collected data. This involves structured risk assessment based on regional experience and industry knowledge. Early investigations focus on identifying threat indicators, with analysts refining assessments as additional information becomes available.

Specialised technologies and matter types

Building on the core investigative competencies discussed above, we now discuss certain discrete areas of specialisation around technologies and methods used by forensic practitioners.

E-discovery and artificial intelligence-assisted document review

AI, machine learning and natural language processing (NLP) have transformed how organisations approach early-stage investigations and document review. By leveraging AI-powered workflows, investigators can rapidly triage vast amounts of data, isolating the most relevant materials early on in a matter. Most review platforms integrate predictive coding, concept clustering, active learning and large language model (LLM) chat and automated review features, allowing teams to prioritise potentially responsive or high-risk documents before launching a full review. This saves significant time and cost and helps investigative teams identify key issues and themes early to inform case strategy.

NLP enables automated entity recognition, sentiment analysis and relationship mapping, which help investigators uncover hidden connections and context within unstructured data. For example, NLP models can group related documents based on meaning rather than simple keyword overlap, enabling investigators to quickly surface patterns of behaviour or communication across email, chat and other data sets. This semantic understanding is especially powerful when timelines are compressed and rapid insight is critical.

Deep and dark web

During an investigation, misappropriated data can be sold to bad actors on the dark web. While not inherently illegal, the dark web’s anonymity fuels criminal activity.

Searching the dark web entails using specialised software for anonymous browsing to access websites and services not otherwise accessible by common search engines. There are significant risks when searching the dark web, including malware, scams and nefarious activity, and technical skills are required for navigation.

Forensic investigators can partner with cybersecurity and business intelligence professionals to search for nefarious data as part of a security audit or investigation, deploying tactics to protect investigative intentions.

Digital assets and cryptocurrencies

Cryptocurrency investigations represent a nuanced and highly technical discipline likely to increase in prominence as digital asset use proliferates globally. The decentralised nature of cryptocurrency transactions presents unique challenges for regulatory oversight, enforcement and corporate investigations.

As digital assets have created new vulnerabilities for fraud and money laundering schemes, practitioners must understand the fundamental challenges and opportunities.

Recent studies estimate that illicit cryptocurrency activity reached US$45 billion in 2024, representing a 24 per cent decrease compared with 2023. Given the complexities of detecting illicit transactions, the final 2024 figure may be understated and illicit crypto activity could have been in excess of US$75 billion.[7] Despite these challenges, blockchain technology provides significant investigative advantages through its permanent transaction records, enabling comprehensive financial trails for forensic accountants, technologists and lawyers to follow.

Having specialists who are fluent in crypto processes, auditing and technology will be critical as issues emerge:

  • Blockchain transparency versus user privacy: Although cryptocurrency transactions offer user privacy, every transaction is permanently recorded on a public blockchain, enabling investigators to trace asset movements and identify connections to illicit activities.
  • Criminal obfuscation strategies: Sophisticated actors use cryptocurrency mixing services and cross-chain bridges to obscure transaction trails. However, these hiding methods are becoming less effective as regulatory frameworks advance.
  • Exchange platforms and investigations: A critical point for investigations occurs when cryptocurrency is converted back to traditional fiat currency. The exchange type significantly affects available evidence and asset recovery potential. Regulated exchanges should have customer verification and asset freezing capabilities in place, which can be helpful during a dispute or investigation. However, when digital wallets are pooled, this process becomes more complex. Unregulated exchanges function without customer identification, limiting investigative options even further.
Asset tracing and recovery

Successful judgment enforcement and fraud recovery efforts require effective asset-tracing strategies to identify, locate and secure assets hidden within complex corporate or trust structures across jurisdictions. Forensic accountants, in partnership with business intelligence professionals, look for indicators of concealed assets, including transfers between entities, family members or close associates, layered ownership structures and high-value acquisitions of real property, vehicles, art or financial holdings.

Understanding corporate formation mechanics is critical for asset tracing as certain jurisdictions, such as the British Virgin Islands, Cayman Islands and Delaware, offer minimal disclosure requirements and strong secrecy laws that facilitate asset concealment. Though each scenario and its unique details are different, there are common elements to asset-tracing investigations of which practitioners should be aware. Steps typically include the following:

  • In coordination with counsel, teams begin by assessing the underlying loss to determine viable recovery options.
  • Forensic accountants and business intelligence experts then map the debtor’s geographical footprint through public records, identifying corporate affiliates, business interests and potential assets under their control.
  • These teams help identify, locate and estimate value on tangible assets, such as real estate and art, and non-tangible assets, such as receivables and investments.
  • Forensic accountants may supplement research with intelligence from local industry contacts, law enforcement or other sources within relevant jurisdictions to identify additional assets or create leverage points for recovery efforts.

Through this comprehensive approach, forensic accountants and investigative teams can aid counsel in transforming complex, entangled webs into actionable recovery strategies that maximise the likelihood of successful asset recovery for their clients.

Conclusion: the future of investigations

As fraud, waste and abuse schemes around the world constantly evolve and become increasingly novel, the capabilities of investigative teams must adapt accordingly. Coinciding with this changing fraud landscape have been shifting enforcement priorities and rapid technological advancement. As a result, today’s global investigations require diversity in skill sets across the spectrum of legal, forensic accounting, technology, intelligence, compliance and industry disciplines.

Investigations of the future will increasingly rely on technology, particularly as data volumes multiply exponentially and disruptive innovations permeate all aspects of the business world. Investigators who leverage AI and advanced data analytics to process vast information streams and identify patterns will be able to uncover fact patterns that would otherwise prove impossible to do manually.

But despite such technological evolution, human nature remains constant. Financial pressures continue to drive behaviour and while methods may advance, the fundamental psychological patterns underlying financial crimes are unchanged. Many fraud and misconduct schemes of today are simply new flavours of yesterday. Successful investigators must think like bad actors and employ sophisticated tools and techniques to root out misconduct and level the playing field.

Acknowledgements

The authors would like to acknowledge contributions from Lou Cona, Laura Greenman, Midori Knowles, Steve Kopeck, Mike Roos, Chuck Soha, Amanda Stephens and Mairea Workman.

To receive StoneTurn Insights, sign up for our newsletter.

[1]  American Institute of Certified Public Accountants (AICPA), ‘Statement on Standards for Forensic Services No. 1’, https://www.aicpa-cima.com/resources/download/statement-on-standards-for-forensic-services.
[2]  Forensic standard dictates general principles, such as requiring professional competence, due care, adequate planning and supervision, and obtaining sufficient relevant data to provide a reasonable basis for conclusions or recommendations (AICPA, ‘Statement on Standards for Forensic Services No. 1’, supra note 1).
[3]  Under professional standards released by the AICPA in January 2020, forensic accountants are ‘prohibited from opining regarding the ultimate conclusion of fraud’. Throughout these evaluations, the application of professional scepticism is essential, including through critical assessment of available evidence (see supra note 1).
[4]  Committee of Sponsoring Organizations of the Treadway Commission, ‘Internal Control – Integrated Framework, Executive Summary’, May 2013, https://www.coso.org/_files/ugd/3059fc_1df7d5dd38074006bce8fdf621a942cf.pdf.
[5]  US Dep’t of Justice, Criminal Division, ‘Corporate Enforcement and Voluntary Self-Disclosure Policy’, para. 5(c) (2023), https://www.justice.gov/criminal-fraud/file/1562831/download.
[6]  Benford’s Law is a statistical principle that predicts how frequently the digits 1 to 9 appear as the leading digits in naturally occurring sets of numerical data. As it relates to fraud, Benford’s Law can be used to identify unusual transaction patterns. For example, applying the law to expense report line items might yield the observation that certain leading digits that coincide with the threshold for documentation (i.e., receipt requirements) occur more frequently than expected. This in turn can be an indicator of structuring transaction amounts to circumvent compliance processes.
[7]  TRM Labs, ‘2025 Crypto Crime Report’, https://www.trmlabs.com/reports-and-whitepapers/2025-crypto-crime-report.

 

 

Meet the Authors

Eric

Eric Hines

Partner
Kyla

Kyla Curley

Partner
Josh Dennis

Joshua Dennis

Partner
Snezana HS

Snežana Gebauer

Partner
Share

About the Authors

Eric

Eric Hines

Eric Hines, a Partner with StoneTurn, brings over two decades of experience in forensic accounting, controls & compliance, and dispute consulting engagements. He serves as a consultant to attorneys and […]

Read Bio
Read Bio
Kyla

Kyla Curley

Kyla Curley, a Partner with StoneTurn, has 25 years of experience investigating and making sense of complex and sensitive issues involving financial fraud, misuse, and misappropriation, as well as analyzing […]

Read Bio
Read Bio
Josh Dennis

Joshua Dennis

Joshua Dennis, a Partner with StoneTurn, has more than 20 years of experience working with clients and counsel on issues requiring complex data analysis, including investigations, economic damages, intellectual property, […]

Read Bio
Read Bio
Snezana HS

Snežana Gebauer

Snežana Gebauer, a Partner with StoneTurn, has 20 years of experience in managing complex international investigations for major law firms, Fortune 500 corporations, government agencies and sovereign nations.  She frequently […]

Read Bio
Read Bio

Related Insights