Internal Investigations: Detecting Fraud Before the Government Intervenes

Internal Investigations: Detecting Fraud Before the Government Intervenes

Your controller just flagged unusual journal entries in the last quarter’s financials – adjusting entries that reverse prior period expenses, pushing them into the current quarter to hit earnings targets. Or maybe internal audit discovered duplicate vendor payments going to accounts your CFO personally approved. You’re the CEO or General Counsel, and you’re facing a question that determines whether your company survives the next year: do these red flags warrant a full internal investigation, or are you overreacting to routine accounting issues? Here’s what matters: organizations lose 5% of revenue to fraud annually, with total analyzed losses exceeding $3.1 billion, and more than half of occupational frauds occur because internal controls either didn’t exist or were deliberately overridden. The difference between companies that detect fraud early and companies that face DOJ or SEC enforcement comes down to whether someone recognized the red flags and had authority to investigate before the government received a whistleblower complaint or Suspicious Activity Report from your bank.

Thanks for visiting Spodek Law Group – a second generation law firm managed by Todd Spodek, with over 40 years of combined experience defending corporations in federal fraud prosecutions. We’ve represented companies where early detection through internal investigation resulted in remediation before regulators got involved, and we’ve defended companies where failure to investigate red flags became the government’s evidence of willful blindness. This article explains what red flags actually mean – not abstract warning signs from compliance textbooks, but specific indicators that federal prosecutors will later point to as evidence management should have known fraud was occurring. It also explains why detecting fraud before government intervention protects you legally, financially, and reputationally in ways that cooperation after indictment never can.

The Red Flags Prosecutors Use to Prove Knowledge

Federal prosecutors building fraud cases need to prove defendants knew misconduct was occurring and either participated or turned a blind eye. The challenge: establishing what executives knew and when they knew it. Common red flags that prosecutors use include unusual journal entries, employees with excessive authority over multiple financial functions, identical payments to different vendors, and employees who refuse to take vacations or share duties with colleagues.

Take journal adjusting entries. Every company makes period-end adjustments – reclassifying expenses, recording accruals, correcting errors. But repeated patterns of adjusting entries that inflate revenue or reduce expenses, particularly entries without supporting documentation or entries made by executives rather than accounting staff, suggest intentional manipulation rather than routine corrections. When SEC or DOJ investigates, they subpoena general ledgers and trace every adjusting entry made in the twelve months before restatement. They interview the accountants who made the entries and the executives who approved them. If those entries reversed legitimate expenses to artificially boost earnings, and if executives who approved them received bonuses tied to those earnings targets, prosecutors have their case.

The constitutional problem with using red flags as evidence of knowledge: hindsight bias. What looks obviously suspicious to prosecutors reviewing records after fraud is discovered often appeared ambiguous when it was occurring. Adjusting entry could be fraud or could be legitimate accounting judgment. Duplicate payment could be fraud or could be data entry error. Employee refusing to take vacation could be embezzling or could just be dedicated to work. The red flags become definitive evidence of knowledge only after investigation proves fraud actually occurred. But if you saw the red flags and didn’t investigate, prosecutors argue you deliberately avoided learning what investigation would have revealed.

Behavioral Indicators That Trigger Investigations

Employee works consistently longer hours than colleagues with no apparent business justification. Employees who are reluctant to take holidays or time off, particularly those who refuse to let others cover their duties, and employees who become excessively secretive about work details trigger suspicion during fraud investigations. Why? Because these behaviors suggest the employee is preventing others from discovering irregularities they’ve created.

Real example pattern from our practice: accounts payable clerk never takes vacation in four years. Creates and approves vendor payments – dual authority that violates segregation of duties, but explained away as “small accounting team, we all wear multiple hats.” Controller notices clerk becomes defensive when asked about certain vendors. Doesn’t investigate further because clerk has been with company for years and seems trustworthy. Two years later: FBI executes search warrants. The clerk created 15 fictitious vendors, approved over $800,000 in payments to those vendors over three years. Company executives face federal charges for fraud and obstruction because prosecutors argue the behavioral red flags – refusal to take vacation, defensive behavior about vendors, dual authority over payments – should have triggered investigation.

The Sixth Amendment guarantees criminal defendants the right to confront witnesses and challenge evidence. But that protection means nothing when the evidence consists of your own employees’ suspicious behavior that management witnessed but ignored. You can’t cross-examine your own failure to investigate.

The 48-Hour Window When Red Flags Surface

You just learned about potential fraud indicators – unusual entries, suspicious payments, behavioral concerns. You have maybe 48 hours to make three critical decisions that determine the next three years. First decision: is this a red flag requiring immediate investigation, or routine activity that doesn’t warrant formal inquiry? Most executives get this wrong because they underestimate what “requires investigation” actually means under Sarbanes-Oxley Section 404 and DOJ’s evaluation of corporate compliance programs.

SOX 404 requires management to assess effectiveness of internal controls over financial reporting. If fraud occurred that reasonably designed controls should have detected, and you didn’t investigate red flags suggesting controls were failing, auditors will conclude your assessment was inadequate. That triggers material weakness disclosure, audit opinion modification, and SEC inquiry into why management certified effective controls when fraud was occurring.

Second decision: who investigates – business-side compliance, internal audit, or legal counsel? This determines privilege protection. Internal audit and compliance-led investigations create business records discoverable in litigation and regulatory investigations. Legal counsel-directed investigations can invoke attorney-client privilege, protecting findings unless you choose to disclose. The decision is irrevocable – you can’t start with compliance investigation, discover fraud, and retroactively claim privilege.

Third decision: do we implement legal hold immediately to preserve evidence? If investigation uncovers fraud and prosecutors later charge obstruction for evidence destruction, they’ll point to the moment red flags surfaced as when legal hold obligation arose. Failure to implement hold at that point becomes separate obstruction charge, even if you didn’t destroy evidence intentionally.

Why Early Detection Provides More Protection Than Cooperation After Indictment

Companies that detect fraud through internal investigation before government involvement have five advantages companies that cooperate after SEC or DOJ investigation don’t have. First, you control the narrative. When you voluntarily disclose findings to DOJ, you’re presenting investigated facts with context and mitigation. When prosecutors investigate first, they develop facts through adversarial process – target letters, grand jury subpoenas, search warrants – and present those facts in indictment that presumes guilt.

Second, remediation looks genuine when implemented before enforcement action. DOJ’s 2025 evaluation of corporate compliance programs explicitly asks whether violations were detected and addressed before government discovered them. Companies that detect fraud, terminate responsible employees, enhance controls, and disclose voluntarily demonstrate effective compliance. Companies that remediate only after receiving SEC Wells notice look like they’re trying to mitigate punishment, not prevent recurrence.

Third, you preserve guaranteed declination option under DOJ’s May 2025 Corporate Enforcement Policy. Self-disclosure before government contact qualifies for declination regardless of fraud severity, assuming full cooperation and remediation. Self-disclosure after government initiates investigation qualifies only for penalty reduction – not declination guarantee. The window closes the moment FBI or SEC contacts the company.

Fourth, civil litigation exposure is lower. Companies that detect and remediate fraud before restatement announcements can sometimes avoid class action securities litigation entirely if restatement is immaterial. Companies that restate after SEC investigation face presumption of securities fraud, with litigation damages calculated from inflated stock prices throughout fraud period. The difference is hundreds of millions in potential civil liability.

Fifth, individuals face less prosecution risk. DOJ increasingly requires companies to identify culpable individuals as condition of cooperation. When company detects fraud early through investigation and terminates responsible employees, those individuals face termination and potential civil liability but not automatic criminal prosecution. When DOJ discovers fraud through its own investigation, prosecutors already have target list and substantial evidence before company attempts to cooperate. The individuals DOJ identified during investigation will likely face criminal charges regardless of corporate cooperation.

What Happens When You Don’t Investigate Red Flags

You saw behavioral indicators – employee refusing vacation, defensive about work details, maintaining control over financial functions that should be segregated. You saw financial irregularities – adjusting entries without documentation, vendor payments requiring additional approval. You didn’t investigate because the employee had long tenure, explanations seemed plausible, and you didn’t want to create hostile work environment by questioning trusted staff. Eighteen months later: bank files Suspicious Activity Report with FinCEN after detecting unusual transaction patterns. FBI opens investigation. Grand jury issues subpoenas. The company executive who saw red flags and didn’t investigate now sits for deposition where prosecutors ask: “When did you first notice unusual patterns in accounts payable?” “Why didn’t you investigate at that time?” “Did you understand your obligations under Sarbanes-Oxley to assess effectiveness of internal controls?” “Were you aware the company’s compliance policy required investigation of potential fraud indicators?”

The executive’s choices: admit seeing red flags but didn’t investigate (prosecutors argue willful blindness), claim didn’t notice anything suspicious (contradicted by emails and meeting notes showing executive questioned the activity), or assert didn’t have obligation to investigate (contradicted by SOX certifications and compliance policies executive signed). None of these positions are defensible. The failure to investigate became more damaging than the underlying fraud.

At Spodek Law Group, we’ve represented executives in exactly this situation – they saw indicators suggesting possible misconduct but didn’t launch formal investigation, and prosecutors later characterized that failure as willful blindness or conscious avoidance. Constitutional principles require prosecutors to prove knowledge beyond reasonable doubt, but red flags combined with failure to investigate create powerful circumstantial evidence of deliberate ignorance. The investigation you didn’t conduct becomes the investigation prosecutors conduct for you – except they’re investigating both the underlying fraud and your failure to detect it. We’re available 24/7 at 212-300-5196.