Forensic, Risk & Compliance

Forensic, Risk & Compliance – We create security for your company

Your company is exposed to numerous risks that can have operational and financial consequences, damage its reputation and, in the worst case, jeopardize its continued existence. The environment has changed massively in recent years. In addition to the effects of the geopolitical situation and COVID-19 on global supply chains, rising raw material prices and a shortage of skilled workers, new risks such as cyber attacks and compliance violations are increasingly coming to the fore. The Corporate Sustainability Reporting Directive (CSRD), flanked by the Supply Chain Due Diligence Act (LkSG), the Whistleblower Protection Act (HinSchG), KRITIS, NIS2 and other requirements, threatens to overburden companies and to cause considerable damage if they fail to comply. On top of this come singular events such as fraud, corruption, antitrust violations and general breaches of due diligence obligations.

Compliance and risk management
Compliance is often dismissed as a buzzword for excessive processes and controls in large companies, but it applies to SMEs just as much. Compliance with laws and regulations is a matter of course: there are no useful or tolerable violations. In addition to the self-evident tax, labor, antitrust and criminal law requirements, regulations (e.g. on occupational health and safety or environmental protection) and newer rules such as the CSRD, the LkSG and the HinSchG must be observed. At the same time, data protection compliance has become considerably more important as a result of the GDPR, and so has IT compliance (e.g. due to the expansion of KRITIS use cases and NIS2). Even if your company is below the respective thresholds, you are still affected indirectly: customers who are subject to these requirements pass them on to their suppliers.
Risk management has taken a back seat to compliance management, yet risk management is the comprehensive term. Compliance is “only” one risk category within risk management, alongside operational and strategic risks and risks in (financial) reporting. Risk management should therefore always start with an overall view of the company-wide and industry-specific risks to be managed. A functioning compliance management system (CMS) must be embedded in a functioning risk management system (RMS).

(Forensic) special investigations
If there are indications of deliberate or unintentional compliance violations, management must investigate them. For the initial assessment, criteria catalogs are used to evaluate the credibility of whistleblowers and the plausibility of the information. If necessary, a special audit must then be carried out. Initial protective measures usually have to be taken at this stage, and, in order to avoid unwanted publicity, an internal special investigation must be weighed against involving the criminal prosecution authorities, the state data protection authority or the Federal Cartel Office. At the same time, the rights of the data subjects must be protected.
Indications of breaches of due diligence by management and/or supervisory bodies require an analogous approach. Possible breaches of shareholders’ fiduciary duties (such as competing activity, disclosure of trade secrets and similar matters) are also frequently the subject of special investigations.
The challenge of an internal special investigation usually lies in the fact that large amounts of data must be searched in a targeted manner and background information on the persons and companies involved must be obtained in order to prove “close relationships”. Finally, interviews with employees and affected persons must be conducted in a legally sound manner so that the evidence is not later ruled inadmissible. This is what distinguishes forensic special investigations: they are designed and documented from the outset so as to be “court-proof”.

Cyber security
No company is safe. According to the Allianz Insurance Group’s annual Risk Barometer, 45% of the companies surveyed now consider cyber attacks to be the greatest threat. On average, a successful attack leads to three weeks of downtime. According to BITKOM, the annual damage in Germany alone recently amounted to around 300 billion euros, averaging 1.8 million euros per affected company. With 270,000 new malware variants every day, defensive systems are often overwhelmed. On top of that comes the human factor: around 60% of successful attacks were based on phishing, visiting infected websites or opening infected e-mail attachments.
Now that large companies have responded accordingly, medium-sized companies are increasingly being targeted. Attackers’ motivations range from “sporting” ambition through economic and competitive espionage to plain extortion with ransomware: pay, or IT stays paralyzed and confidential data is published. In the case of a medium-sized automotive supplier whose critical IT infrastructure failed after an attack, production could be kept running with manual pick lists for only a few hours; the contractual penalties for the resulting delivery stop almost cost the supplier its existence.
With the Cyber Resilience Act and the NIS2 Directive, the EU has created a framework that will affect around 40,000 German companies by fall 2024. It is now urgently recommended to set up a corresponding security architecture and to have it certified in accordance with ISO 27001.

Investigation of insolvency cases
Insolvency administrators today face large volumes of data that must be analyzed in order to determine the date on which the company became insolvent and what the management knew at the time, and to search for asset transfers before the insolvency date or other fraudulent acts. “Manual” evaluation is often ruled out for reasons of efficiency and time. At the same time, files that may have been deleted must be restored, and digital evidence on mobile devices, including chat histories, must be secured and made readable.
This is where professional eDiscovery support with data analytics techniques comes in, so that the key findings can be reached quickly and efficiently.

Our services for you

We support you on individual issues and also combine existing individual components into an IT-supported RMS including CMS. Our services include:

  • Support in fulfilling the (also indirect) requirements of the LkSG (risk inventory, background information on business partners, establishment of a complaints procedure, …) and dovetailing with the requirements of the CSRD and the Corporate Sustainability Due Diligence Directive (CSDDD)
  • Support in setting up a reporting system in accordance with the HinSchG, including taking over the monitoring and evaluation of incoming reports
  • Inventory and evaluation of applicable regulations, operational and strategic risks and (financial) reporting risks, and implementation of a risk assessment
  • Development of a holistic RMS/CMS and reduction of redundancies
  • Implementation of compliance training
  • Support in setting up a tax CMS
  • Certification of your system in accordance with the IDW PS 980 or 981 auditing standard

We offer you a comprehensive investigation of the facts that can be used in court, including the following activities:

  • Initial analysis of suspected cases and evaluation; recommendation of further measures
  • IT forensics/eDiscovery (including backup/restoration and analysis of electronic data, keyword searches in documents and pattern searches in databases from your ERP system) in strict compliance with data protection regulations and using AI; the data either remains on your systems or is stored and processed by us within Germany
  • Interviews with the employees and other persons involved
  • Background research on the persons and companies involved and investigations into the whereabouts of assets
  • Special data analyses with case-specific algorithms
  • Mediation, arbitration or arbitrator services, or private expert opinions for one party
  • Preparation of conclusive documentation for judicial/extrajudicial disputes.

Independent evaluation of transactions “pre- and post-closing” and support in the assertion of legal claims/purchase price corrections

We support you in securing and analyzing large volumes of data using state-of-the-art technology:

  • IT forensics/eDiscovery (including securing/restoring and analyzing electronic data, keyword searches in documents and pattern searches in databases from your ERP system), including the use of AI
  • Preservation and analysis of all communication histories (emails, chats)
  • Preventive screening for violations, e.g. of internal guidelines, data protection law or antitrust law
  • Use of individual algorithms to analyze case-specific circumstances
  • If necessary, cooperation with the law enforcement authorities

In all cases, we strictly observe data protection and anonymize/pseudonymize personal data where necessary. All data either remains on your systems or is stored and processed by us within Germany.

We support you in preventing cyber attacks and help you to comply with legal requirements and standards:

  • Carrying out a “health check” of the security fundamentals (IT security analysis)
  • Comprehensive advice on your individual cyber security concept, weighing up costs against risks; design of a suitable IT security architecture
  • Support with the introduction of measures, e.g. in accordance with BSI IT-Grundschutz, and preparation for ISO 27001 certification
  • Implementation of a KRITIS-compliant security concept
  • Advice on the implementation of NIS2
  • Cyber awareness training for your employees
  • Penetration tests and vulnerability assessments, including red teaming
  • Review of cloud security
  • Review of web and mobile apps
  • Creation of a business continuity concept
  • Advice on connecting to a SOC (Security Operations Center)

Even the best prevention can only make cyber attacks on your company more difficult; it generally cannot prevent them completely. We can help you if the worst comes to the worst:

  • Immediate response together with our cooperation partners
    – Which data is affected (deleted, encrypted)
    – Identification of the attack vector and containment of the attack
    – In the case of ransomware attacks: communication with the extortionists
    – Analysis of backups, setting up parallel systems and data recovery, search for backdoors in the system
  • Crisis management (internal and external communication, coordination of internal departments and external providers/consultants, design of workarounds to restore working capacity)
  • Assessment of the consequences under data protection law (notification obligations)
  • Documentation of the incident and preservation of evidence
  • Communication with insurers and determination of the amount of damage
  • Rebuilding the systems and readjusting the preventive cyber security measures

Our cooperation partners

  • Data science, artificial intelligence, digital transformation, data-based innovation
  • eDiscovery, Investigations, Data Analytics & LegalTech Development
  • Digital sovereignty through IT security and data protection