Any investigation by a regulator is a serious matter and should be treated as such. Enforcement action following a regulatory breach has the potential to be devastating for an organisation and for the people involved, with striking financial, reputational and other consequences.
This survival guide is designed to outline some of the steps you can take when you are the subject of a regulatory investigation, helping you to take back control and put yourself in the best possible situation to create a favourable outcome.
This short guide highlights some of the key parts of a regulator’s investigation. Whilst it may assist the reader to understand the landscape of a regulatory investigation, given their seriousness and complexity, it is not considered to be a substitute for obtaining legal advice.
A regulatory investigation is a formal investigation carried out by a regulatory enforcement authority to determine whether an organisation has complied with laws and regulations. There are numerous regulators who have the enforcement powers and the ability to prosecute in the UK. Some of the most well known regulators include the Health and Safety Executive (‘HSE’), Environment Agency (‘EA’), local authorities, the Financial Conduct Authority (‘FCA’) and the Care Quality Commission (‘CQC’).
Investigations can be triggered for a number of reasons, including self-reporting, audits and inspections, police referrals, complaints and whistleblowing. All investigations should be treated seriously as the consequences of being found to be non-compliant can be severe and far-reaching, including enforcement notices, revocation of licences and, in the most serious of cases, criminal prosecution.
Ashfords’ business risk and regulation team are highly experienced in supporting organisations throughout regulatory investigations and below is our survival guide to assist you in understanding the regulatory investigation landscape.
All investigations are unique, and it is important to remember that each regulator has varying powers available to them and different methods for conducting investigations.
It is important to establish from the outset, what the regulator is investigating. Whilst this may be obvious in some cases, it may be less clear in others and it is important to remember that the focus of an investigation can change over time. Whereas some investigations can commence within hours of a specific incident occurring, others may focus on more historic issues. In all cases, a meeting with the regulator at the outset is recommended so that there is clarity regarding the purpose and scope of the investigation. You should begin by asking the regulator for the specific allegations, including the applicable laws and regulations and what their enforcement powers are.
It is vitally important to identify and preserve the key information and evidence which any regulator will require and which you will need to consider for your own investigation. Relevant evidence might include:
In addition, a careful note should be taken of what evidence the regulator has collected, with a duplicate copy kept for your own records.
Do not wait until an investigation has commenced to get yourself organised. It is important to know the regulator’s powers of entry, search and seizure of evidence and what requests are compulsory or voluntary. You should also be mindful of what documents are disclosable and whether you can assert privilege over any documents. If you are unsure, obtain legal advice, remembering that any information that is provided could be used as evidence against you in criminal enforcement proceedings.
The impact that a serious investigation may have on staff cannot be underestimated and this stress is often compounded if, as is likely, the regulator wishes to take witness statements from staff members. The first priority is staff wellbeing and it is important to ensure that HR support is made available. Depending on circumstances, consideration should also be given to whether separate legal representation is needed for any individuals.
If you are unsure of the rights and duties of your organisation and staff members within these interviews, you should obtain advice from a specialist regulatory lawyer.
Organisations can have an important role to play in supporting individual witnesses to give clear evidence. Staff often provide key information in understanding how work activities were organised and, ultimately, what may have gone wrong. Therefore, it can assist witnesses in giving clear, factually correct information if they have access to relevant evidence as listed above to mitigate the risk of speculation.
An effective internal investigation can be a powerful tool to assist an organisation in understanding what, how and why an incident has occurred, helping you to take corrective action to manage any risks going forward.
In some cases, your investigation may begin shortly after an incident and before the regulator becomes involved. However, in other instances, the regulator may be involved immediately, meaning your investigation will need to run in parallel with theirs or potentially take place afterward. Just as it is important to understand the purpose and scope of the regulator’s investigation, you must be clear on the nature and scope of your own investigation, noting that your investigation may become disclosable.
Where an investigation identifies that changes to work processes are appropriate, instigating these swiftly and decisively can assist in giving the regulator confidence in the organisation’s overall approach to managing relevant risks, which can only positively influence the direction of the regulator’s investigation and potential enforcement action.
It can be beneficial to consult a specialist regulatory lawyer before you commence your investigation to obtain advice on the appropriate purpose and scope of your investigation. It is important to remember that your internal investigation reports and related evidence could be disclosable to the regulator.
Different regulators have different powers of investigation and different enforcement options available to them, which will vary in use in accordance with their own enforcement policies. Enforcement powers vary from informal advice and guidance, through to formal enforcement notices (of which non-compliance is a criminal offence), civil penalties and criminal prosecutions.
If the regulator provides guidance or advice, or issues an enforcement notice, take the steps outlined to rectify the breach as soon as practical. Should you disagree with the enforcement action taken, remember your rights to review and appeal. If you haven’t taken legal advice prior to this stage, you certainly should in relation to any enforcement action.
Investigations can run on for many years until the final decision on whether to bring a criminal prosecution. It is important to understand from the outset that regulatory scrutiny will be ongoing, and any new compliance issued during that time may have a bearing on the ongoing investigation.
All regulatory investigations should be taken seriously. Regulators have a wide range of enforcement options available to them which can have severe implications for organisations and individuals.
Whilst the management of risk is an ongoing process for all organisations, ongoing monitoring of compliance during and following an incident and investigation is a key priority. The regulator will look less kindly on repeat incidents.
Failure to know your rights and duties and to be ready for an investigation can result in serious disruption to business as usual, as well as risk an adverse outcome to the investigation. Take legal advice as soon as possible following any potentially significant regulatory breach.
Ashfords’ regulatory team has many years of experience in supporting clients through all different type of complex investigations. If you have any questions or would like to take legal advice in respect of a potential or current investigation, please contact Ian Manners (partner and head of business risk and regulation at Ashfords) at i.manners@ashfords.co.uk.
We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.
Sign up
