Insights | 01 July 2022

Internal investigations and corporate governance – Be prepared

ESG matters are core to a company’s reputation and standing, so organisations should ensure that they have effective governance structures in place to respond swiftly and decisively to potential breaches, to halt potential crises in their tracks.

Although not a day-to-day topic for a board of directors, internal investigations remain a crucial mechanism in a company’s compliance management toolkit, allowing it to identify and fix compliance violations.

The recently published Handbook for Internal Investigations, co-edited by LALIVE partner Simone Nadelhofer and with contributions from LALIVE partner Daniel Bühr and associates Jonathon Boroski and Andrea Florin, examines the many facets of this key corporate governance mechanism, from the events or issues triggering the investigation to the regulatory considerations and potential cooperation with authorities in relation to uncovered corporate wrongdoing.[1] It is a key publication for practitioners in Switzerland and abroad dealing with internal investigations.

Internal investigations can be triggered by classic irregularities such as money laundering, corruption, fraud and antitrust violations, and – increasingly – by matters involving environmental, social and governance (“ESG”) obligations. This was evidenced by the recent raid of DWS Group and Deutsche Bank over allegations of greenwashing, showing a shift in regulatory focus towards corporate accountability for ESG matters.[2]

Given the potential internal and external ramifications for an organisation and its shareholders, the board of directors must, as a matter of good corporate governance, assess the facts and quickly determine whether the violation merits a more detailed internal investigation. According to ISO 37000:2021 (governance of organisation), organisations should establish and maintain processes to assess and investigate suspected or actual instances of noncompliance.[3] These processes should include a method by which the organisation can:

  • identify potential wrongdoing; and
  • analyse the root causes of these weaknesses and thereby improve its compliance management systems.[4]

Such processes should be performed independently and be free of conflicts of interest for those investigating the violations.

Once the investigation is complete, the board of directors should ensure that the results are documented – not only to address the violations but also to improve the organisation’s compliance management system so that they do not occur again. The organisation’s governing body and senior management should receive regular reports on the status and outcomes of internal investigations.

The lessons learned during the investigation, and the findings, should be used to improve the compliance management system – including the investigative process. Doing so will allow the organisation to remedy its management system, demonstrate accountability throughout the organisation, train employees to prevent future violations and update internal guidelines accordingly.

Such internal investigations are a lynchpin of compliance management, allowing the organisation to:

  • demonstrate its commitment to compliance management and ESG issues;
  • promote accountability, both internally and externally;
  • prevent recurrent and more serious violations in the future; and
  • uncover facts to better position itself to authorities, should it decide to self-declare the violations.

Regulators will consider the mechanisms in place and the steps taken (including internal investigations), should an organisation choose to self-report a compliance violation. For example, the US Department of Justice (DOJ) Guidelines on the Evaluation of Corporate Compliance Programs[5] cites the existence of a functioning and well-funded system for investigating any allegations or suspicions of misconduct committed by the company or its employees as a cornerstone of an effective investigations structure. This process must also effectively identify the root cause of the misconduct and steps taken to address it.

Organisations looking to actively identify and mitigate risks should engage external evaluators (e.g., law firms or auditors) to evaluate their compliance and control functions. Although costs can be high in the short term, they should be considered a long-term investment in the company’s governance.[6]

An organisation must also clearly document this root cause analysis and any disciplinary measures or remediation taken in response to the findings.[7] If the authorities prosecute, they will consider:

  • the root cause analysis;
  • prior indications of such misconduct;
  • efforts to address the issues identified during the investigation; and
  • disciplinary measures to hold the responsible parties accountable.

Organisations should ensure that their internal investigation process captures these details and that the results consider these elements.


Internal investigations remain a key support and management tool for the board to address ESG risks at an early stage as well as to address crisis situations. The board of directors is obliged to prevent, or at least minimise, violations by the company, which includes investigating known or suspected compliance violations or failure in its ESG obligations. These constitute a major ESG risk of damage for companies, their shareholders and other stakeholders, with potential for severe fines, damage claims, exclusion from public tenders and by business partners – as well as reputational harm.

If authorities become aware of violations, an organisation must demonstrate its thorough investigation of the violation, its root causes and efforts to remediate. The better prepared a company is, the faster, more carefully and purposefully potential violations can be investigated, limiting damage and addressing any organisational weaknesses to prevent future instances of misconduct.


[1] BAZZANI, CLAUDIA/FERRARI-VISCA, RETO/NADELHOFER, SIMONE (Hrsg.), Interne Untersuchungen (Handbücher für die Anwaltspraxis), Basel 2022. The book (in German) can be purchased through the Helbing Verlag webshop:

[2] Owen Walker and Joe Miller, German police raid DWS and Deutsche Bank over greenwashing allegations, Financial Times, (31 May 2022),

[3] ISO 37000, section 8.4.

[4] Götz Staehlin, Claudia / Brupbacher, Oliver M., Governance einer internen Untersuchung, s. 54-55 in: Bazzani, Claudio / Ferrari-Visca, Reto / Nadelhofer, Simone (Hrsg.), Interne Untersuchungen (Handbücher für die Anwaltspraxis), Basel 2022.

[5] U.S. Department of Justice Criminal Division, Evaluation of Corporate Compliance Programs (Updated June 2020), p16 (available at

[6] Nadelhofer, Simone / Boroski, Jonathon E, Monitorships, s. 822 in: Bazzani, Claudio / Ferrari-Visca, Reto / Nadelhofer, Simone (Hrsg.), Interne Untersuchungen (Handbücher für die Anwaltspraxis), Basel 2022.

[7] Id. at p17.
