When things go wrong, authorised firms will generally want to conduct internal investigations to get to the bottom of possible failings or misconduct within their organisation. These investigations are important for understanding properly what has gone wrong, what has caused it and what actions should be taken as a result.

When the firm’s engagement with the FCA is required (and the question of self-reporting and SUP obligations will routinely arise), firms can find themselves navigating through tricky waters if they wish to try to keep documents produced for the purposes of these investigations privileged and confidential, whilst at the same time co-operating fully with the FCA.

On 5 November 2015, the High Court ruled in Property Alliance Group Limited v The Royal Bank of Scotland Plc [2015] EWHC 1557 (Ch) that “without prejudice” correspondence and dialogue between firms under investigation and the FCA, which may include admissions by the firm and material prejudicial to it, would not be disclosable in litigation. Furthermore, discussions between lawyers and their clients during the course of regulatory investigations would also be protected under the cloak of privilege. The case is helpful to firms facing litigation in the aftermath of FCA enforcement.

On the same day as the RBS judgment was handed down, Jamie Symington, Director in Enforcement at the FCA, delivered a hard-hitting speech urging firms not to allow legal privilege arising from investigations to interfere with the need to deal with the FCA on an open and transparent basis. He said that whilst firms are entitled to claim privilege, it is important to strike a balance to ensure that privilege does not become an “unnecessary barrier” to sharing the output of an investigation with the FCA.

The key point here is to establish with clarity the nature, scope and intended purpose of the investigatory report to be produced: often, in practice, what will be needed for pure regulatory investigatory purposes is a fact-finding investigation and report (not legal advice) which a firm might choose to provide to the FCA. Nevertheless, a tension can arise between asserting a legal entitlement (privilege) and co-operating fully with the FCA.

So what should a firm do? How should firms conduct their internal investigations in a way that: (a) protects their position; and (b) enables them to engage appropriately with the FCA? Although there isn’t an easy answer or a “right way” to conduct internal investigations, we have put together some useful tips and hints to help you and your firm navigate through the internal investigation process in a way that aims to strike this balance.


As soon as you become aware of a situation where an internal investigation may need to be conducted, you must not delete or destroy any relevant documents. Any routine document destruction process should be suspended.

Identify, isolate and image all sources of potentially relevant documents, in both physical and electronic form (for example IT servers, computer hardware and backup tapes). Discuss with your legal adviser whether an IT forensic services provider is required to assist with this.

Establish an investigation team and scope your report

Establish a defined team tasked with dealing with the investigation. This is necessary because privilege (if it applies) is more easily applied to a defined group of individuals within an organisation.

The team should normally comprise the business’ in-house lawyer(s) (if available), key business decision makers, the appointed legal advisers and any appointed IT forensic services provider. You may also include outside experts in relevant cases.

Communications regarding the investigation should be restricted to the investigation team and should not be circulated more widely to other employees or other third parties, since this may result in a loss of privilege or confidentiality in the communications and also in other connected communications/documents. The investigation team can of course report to the board of directors as required with input from legal advisers.

Establish secure systems

Consider establishing a secure email address with which to communicate with external lawyers in order to minimise the risk of discovery or a leak of sensitive information regarding the investigation.

Consider also establishing a secure document depository in which a copy of all relevant documents can be kept without the risk of unauthorised access, alteration or destruction.


Speak to your lawyer for advice on how best to communicate so as to support any claim made for privilege at a later date.

Marking all communications regarding advice “Strictly Confidential and Subject to Legal Privilege” will assist but is not definitive.

Always keep legal advice separate from other content.

Document creation

As a general rule, it is best not to create documents without consulting and involving external lawyers.

Particular care is to be taken with board minutes, for example.

Remember to check an email chain’s content before you forward it on. Be wary of accidentally forwarding on legal advice.

Investigation reports

Any report on the investigation and its findings should be drafted with the input of lawyers (in-house and/or external) to assist a claim for privilege. The report should of course be stated on its face to be “Confidential and Legally Privileged”, and you should avoid the unnecessary circulation of reports on investigations.

You can then take a decision, on advice, on whether and how to share the report or its findings with the regulator so as to minimise the associated risks.