Guidance

Internal investigations

Status

This guidance is to help you understand your obligations and how to comply with them. We will have regard to it when exercising our regulatory functions.

What has changed since the last version?

Who is this guidance for?

All SRA-regulated firms, their principals, role holders and employees.

All solicitors and registered European or foreign lawyers.

Purpose of this guidance

This guidance is to help all firms we regulate and all solicitors (wherever they work) understand and manage regulatory risks and issues associated with conducting an internal investigation.

It does not advise on how to make sure investigations comply with employment law. Or how to meet the requirements of other regulatory authorities or law enforcement bodies, such as the police, as that is outside our remit.

We recognise that the process of instigating or conducting an investigation may be handled by an organisation, function or individual we do not regulate. However, this guidance is directed towards solicitors and law firms when they are involved in leading or conducting an internal investigation; whether this is a solicitor working in-house for an organisation that is conducting an investigation, or a law firm conducting an investigation on its own behalf. It may also be informative for solicitors or firms conducting investigations on behalf of another: the key principles set out in this guidance apply equally in this situation.

Internal investigations are an essential aspect of risk management and help to ensure firms and organisations meet their legal, regulatory and employment obligations. A formal investigation will not be required to address every internal issue or matter that an organisation may be called to look into: organisations will face a range of issues from minor disagreements between colleagues to allegations of serious misconduct, criminal offences, or workplace behaviours that may span numerous allegations, require the inspection of voluminous documents or evidence from a number of witnesses. The formality and nature of the investigation process will be a matter of judgment depending on the seriousness, sensitivity and/or complexity of the matter.

However, failing to initiate an internal investigation as appropriate or identify a concern that requires internal investigation – or to carry out an investigation properly – can expose individuals, firms and organisations to significant regulatory, legal, employment, and reputational risks.

We have issued this guidance as we are concerned that:

  • A poorly managed investigation could fail to properly identify and manage underlying risks/control weaknesses, leading to serious regulatory breaches and/or the possibility of repeated incidents.
  • Internal investigations that are not carried out properly can in themselves give rise to a breach. This could be, for example, if witness evidence is tailored, outcomes inappropriately influenced, witnesses victimised, or disclosure improperly handled.
  • Investigation outcomes and reporting that fail to provide a clear and objective assessment of the facts and applicable law risk serious misconduct for concealing or failing to disclose material information, misleading the organisation or others, or even the commission of a criminal offence such as perverting the course of justice.
  • There may be circumstances where a client chooses to disregard a report or advice/conclusions on an investigation and then brings in another solicitor who they are able to influence. Our regulatory requirements, including the obligation to act with independence, apply equally to investigations outsourced to external solicitors and firms.

The regulatory framework

Our Principles set out the core ethical values we require of all those we regulate which apply at all times and in all contexts.

Those most relevant to internal investigations are those requiring solicitors and firms to act:

  • in a way that upholds the constitutional principle of the rule of law and the proper administration of justice (Principle 1)
  • in a way that upholds public trust and confidence in the solicitors' profession and in the legal services provided by authorised persons (Principle 2)
  • with independence (Principle 3)
  • with integrity (Principle 5)
  • in a way that encourages equality, diversity and inclusion (Principle 6).

The standards that are most relevant in our Codes of Conduct and in the order they appear are:

  • Not to mislead or attempt to mislead your client or others, either by your own acts or omissions or being complicit in those of others (Paragraph 1.4 of the Code of Conduct for Solicitors and 1.4 of the Code of Conduct for Firms).
  • To treat colleagues fairly and with respect and not to bully nor harass them. Specified managers of firms are required to challenge behaviour that does not meet this standard. (Paragraph 1.5 of the Code of Conduct for Solicitors and 1.6 of the Code of Conduct for Firms)
  • To have effective governance structures, arrangements, systems and controls in place that ensure you comply with our regulatory arrangements as well as other regulatory or legislative arrangements that apply (Paragraph 2.1 of the Code of Conduct for Firms).
  • Not to act if you have an own interest conflict, or a significant risk of such a conflict. (Paragraph 6.1 of the Code of Conduct for Solicitors and 6.1 of the Code of Conduct for Firms)
  • To make the client aware of all information material to a matter (Paragraph 6.3 of the Code of Conduct for Solicitors and 6.3 of the Code of Conduct for Firms).
  • Paragraph 7 of the Code of Conduct for Individuals and Paragraph 3 of the Code of Conduct for Firms which sets out a number of requirements to ensure cooperation with ourselves and other relevant bodies and ensures you take accountability if things go wrong.

This includes the requirement to report to us promptly (or to another approved legal services regulator if appropriate) any facts or matters which you reasonably believe are capable of amounting to a serious breach of regulatory obligations or that we need to investigate or otherwise exercise our regulatory powers. (Paragraphs 7.7 and 7.8 of the Code of Conduct for Solicitors and 3.9 and 3.10 of the Code of Conduct for Firms)

What is an internal investigation?

We use 'internal investigation' to describe a process done by an organisation or individuals within it, to establish the facts relating to an allegation, a concern or misconduct about or related to that organisation or those within it.

This process is key to identifying if there has been any wrongdoing, what led to that wrongdoing and what steps can be taken by way of remediation or to prevent it happening again.

A robust and well-led internal investigation will help to identify lessons learned and promote a culture of transparency and compliance with legal and regulatory obligations. It should give staff, clients, customers and others confidence that concerns will be investigated and acted upon.

If you are involved in or leading an internal investigation, you might find it helpful to:

  • check whether your firm or organisation has any policies, procedures or dedicated teams for conducting internal investigations.
  • check whether your firm or organisation has any policies and/or procedures on handling confidential and sensitive information and personal data, which is relevant to the investigation process.
  • seek advice and support on employment related matters from your organisation's or firm's human resources (HR) Department. If you don't have access to a HR department, you may wish to refer to information from ACAS.

Terms of reference in internal investigations

The process of carrying out an internal investigation can be designed for a wide range of purposes and cover a wide variety of activities. Therefore one size does not fit all and it will be important to make sure you are clear about the scope of the investigation, your own role, the key individuals who need to be involved, and the powers and processes that will be followed. 

To manage the risks associated with a poorly managed investigation, written terms of reference can help to set clear expectations from the outset. The terms can also cover any interdependencies with other processes that may be ongoing at the same time, such as internal grievance and disciplinary procedures. You should ensure you communicate relevant terms with key parties, particularly the subject(s) of the investigation and other teams involved, for example HR, unless it is not appropriate to do so. You may wish to share the terms of reference themselves, however we recognise that where you are not leading the investigation, you may not be in a position to do so.

The areas you should consider include:

  • The scope of the investigation, especially what specifically is being investigated and why. While you may wish to keep this broad enough to encompass matters that may come to light during the investigation, this should not be so broad as to lack focus.
  • How the facts will be investigated. This may include gathering and reviewing relevant documents or classes of documents, and conducting witness interviews and taking witness statements. And the standard and evidential tests that are being applied to any facts.
  • Who will be conducting the investigation, including the roles of those involved as well as those of any relevant third parties.
  • Timelines for the various stages of the investigation.
  • What information and findings will be shared with the relevant parties and when.
  • How all those involved in the investigation will be supported.
  • How any personal data and privacy concerns will be handled in accordance with the relevant legislation.
  • Confidentiality and legal professional privilege; the level of information sharing with third parties and witnesses and the extent to which individuals' anonymity will be protected.
  • The process by which any relevant employment matters will be addressed.
  • What the output will be. You should confirm whether this will be a written report, how it will be reported and who it will be shared with, both internally and externally as appropriate. You should be clear about any external reporting obligations, including to us, and how these will be handled.
  • Whether and at what stage there will be any opportunity for individuals against whom findings or recommendations are made, or the person who raised the concern, to comment on the draft report or factual findings.
  • Clarification about who the decision-makers are in the internal investigation process. For solicitors who are working in-house, the decision-makers may be the organisation's governing board. For solicitors in private practice, decision-makers may be the senior partners in the firm.

Acting with independence

The person nominated to lead the investigation will need to be independent of the issue under investigation and maintain their independence throughout the course of it.

If an investigation that you are leading or conducting is not sufficiently independent, this risks a breach of your regulatory obligations to act with independence and to avoid acting with an own interest conflict. This will also risk undermining the outcome on grounds of actual or perceived unfairness or bias and damaging public trust and confidence.

It is important that the following factors are taken into consideration:

  • Who commissions and directs the investigation and how far removed they are from the alleged wrongdoing. This includes giving consideration as to who is funding the investigation, and how to ensure freedom from undue influence and avoid perceptions of bias.
  • The investigator/s themselves should have no prior knowledge of, or involvement in, the concern or alleged event.
  • Whether there are measures that can be put in place, such as information barriers, to maintain confidentiality and independence from any individuals providing advice on the underlying matters.

If you are a solicitor nominated to lead an internal investigation, it will be particularly important that you act with independence and integrity, as set out in Principles 3 and 5. This is to make sure a robust internal investigation delivers an objective, unbiased outcome.

If you are responsible for appointing others to assist in the investigation, then you should make sure that you don't, for example, choose individuals or organisations connected with the events. Or those with pre-conceived views on the likely outcome.

If you are an in-house solicitor and have been appointed as an internal investigator, you should also be sure you are in a confident position to give independent, objective advice to your client. The 'client' for these purposes may not necessarily be the individual or team who has commissioned your advice or with whom you have day-to-day interactions. Similarly, when reporting your findings, these are likely to be addressed to senior decision-makers and not necessarily the individuals who commissioned your report. Please see our separate guidance for in-house solicitors on identifying your client.

In-house solicitors can experience pressures from senior leaders to take steps or reach conclusions that inappropriately pre-empt or influence the outcome of an investigation. We have also heard about outcomes of internal investigations being blocked from being reported, or outcomes being manipulated, before being presented to the governing Board. If this is the case, you will need to resist being pressured or persuaded to act without independence, and consider reporting the conduct or behaviours you have experienced. Please see our guidance on reporting client wrongdoing for in-house solicitors, and our guidance on your obligations to report to us.

You will need to be clear that you can act free from bias. You should therefore not be involved in an internal investigation if the subject matter concerns issues which have already had or may, in the future, have an impact on you as an employee. Or in matters in which you are likely to be a witness of fact.

Equally, you must consider whether there is a possibility that later down the line you may be asked to provide legal advice to your employer on any matters related to the internal investigation, in which case there is a potential for a conflict of interest to arise. For example, where your employer subsequently has a claim brought against it in relation to the handling of the investigation. If this is the case, you should speak to your employer or line manager, as you will be unable to carry out both roles and will need to consider alternatives.

Appointing an external investigator

You may wish to appoint an external investigator, for example for capacity reasons, or to access subject-specific expertise or technological systems or resources, for example to analyse or handle documents or data.

Appointing an external investigator may also help to guard against conflicts of interest or perceptions of bias. This may be particularly relevant where the allegations being investigated are against individuals at executive or board level, given the influence those individuals might have or be seen to have over the investigation. However, that is not to say that it wouldn't be appropriate for an in-house solicitor or general counsel to lead an investigation against an executive colleague or board member. In all cases, whether it is feasible for an in-house solicitor or general counsel to lead or conduct an investigation will depend on their ability to demonstrate they are able to act with independence as set out above.

Managing the investigation process

Supporting people involved in the investigation process

Being involved in an investigation can be difficult for all concerned. It is important that everyone receives an appropriate level of support, including the person who has reported the issue, and any witnesses. The subject of the investigation will also need support. This will include making sure the process is fair and that their rights to be represented or accompanied and to receive and respond to evidence or findings are fulfilled.

You should be clear what support is available for people involved in the investigation, who will provide it and how. This may include giving certainty about the timeframes for interviews and what is required of the individual, as well as providing multiple options as to how to participate, such as participating in writing instead.

You should be alert to red flags that indicate any individual is at risk. Being involved in an investigation can significantly impact the mental health and well-being of all individuals concerned, including the person who raised the issue, and the subject of the investigation. It is important to recognise the emotional and psychological effects that may arise. Where there are red flags, you will need to consider how to minimise the risk to individuals as far as possible. This may include seeking specialist advice, referring the individual concerned to a specialist support service, making adjustments to the process, and/or pausing the investigation.

Treat all people and issues fairly. Do not condone the victimisation of anyone who raises a concern. This includes complaints or concerns raised by one member of staff about another, for example, allegations of sexual misconduct, bullying, or fraud. Our guidance on the workplace environment highlights the importance of creating a culture in which people can speak up, and the regulatory risks of failing to do so.

Where an investigation is commenced following a disclosure by a whistleblower, additional support may be required to ensure the individual's anonymity and to protect them from the risk of victimisation.

Interviewing those involved in the process

Where you are conducting an interview as part of the investigation process, it is important that the employer ensures reasonable adjustments and accommodations are made, where appropriate.

You should also document the interviews as part of the evidence gathering process. The notes that you keep ought to be clear and accurate, and must not mislead by omission. It is important to make records at the time that events happen or as soon as possible afterwards and include details of any actions that you have taken. You will want to consider whether and, if so, how you will share interview notes and transcripts with the interviewee and the process for seeking agreement to the record of their evidence.

It is also important that evidence is appropriately obtained. Issues can arise if the investigator isn't adequately trained, asks leading questions, or the interview is arranged or conducted in any way which means that the person being interviewed cannot answer questions freely. It is not acceptable for anyone to influence witnesses or inappropriately influence the course of an internal investigation in any way.

It may not be possible to speak to all of those involved if, for example, an employee has left the firm. If someone relevant cannot be interviewed or leaves the firm/organisation, you should record that you did not have the opportunity to put the allegation to or speak to the individual. You must be transparent as to the evidence that ultimately has been relied upon in any findings.

Managing and recording evidence

At the outset of the internal investigation, it is important to think about preserving the available evidence as memories fade fast and people leave the organisation. And to make sure underlying documents and data are not lost or destroyed. You should consider whether technical support is needed to save and recover electronic files and communications.

The types of evidence gathered during the course of an investigation might typically include text messages, emails, documents, policies etc. It is also helpful to think about gathering other forms of evidence such as online calendar-recordings, which are often relevant and sometimes missed. CCTV is often written over after a number of days, so is especially time critical. Metadata can be important to preserve when there is a question about when documents were created or deleted.

Concluding an internal investigation – decision-making

We would expect the investigation to be concluded fairly, and without undue delay relative to the nature and scale of the subject matter and all the parties involved.

Reporting

The output of the investigation will typically take the form of a report. This will include factual findings about what happened and possibly why. The report may also include recommendations, for example sanctions or remedial actions.

If the investigator also has a role in decision making, this should be clear in the terms of reference. And consideration should be given to whether this raises any question as to their independence as a decision-maker and, if so, how independence will be maintained.

Once the outcome of an internal investigation has been reported internally to the appropriate decision-maker, it will be important to reconsider whether the outcome of the investigation needs to be disclosed externally. And how any remedial measures identified should be enacted and monitored, as anticipated in the terms of reference.

When should you notify us?

Where you consider that an individual or firm we regulate may have been implicated in the wrongdoing identified by your investigation, you should consider your reporting obligations as set out above.

You may need to report a matter to us before an investigation is concluded. Whether or not something should be reported, and if so, when, is a matter of judgment, which will depend on the individual facts and circumstances. If you are unsure about whether to make a report, you should err on the side of caution and do so.

For more information, please see our reporting and notifications guidance and enforcement strategy.

It is important to note that a settlement agreement would not prohibit us subsequently carrying out a full investigation. We may still need to speak to all of the individuals concerned – including former employees and witnesses in the investigation. Confidentiality agreements cannot prevent workers from making protected disclosures. We have issued a warning notice which sets out more information about our expectations on the use of NDAs.

When making a report to us it is useful to provide:

  • date of incident or timespan of issues arising
  • date you or your organisation became aware
  • how you became aware
  • parties involved
  • what action the organisation has taken to date to address the issue, and where relevant across the organisation as a whole
  • what the impact has been/could be (eg number of clients, amounts involved)
  • whether insurers have been notified and their initial response
  • actions taken to prevent recurrence
  • whether the internal investigation has concluded or is still ongoing (if the latter then what further work needs to be performed and likely date of conclusion)
  • any next steps or further actions.

Our own investigations will be supported by evidence gathered as part of internal investigations which are fair, robust and impartial. And this helps to make sure we can conclude our investigation more swiftly and avoid unnecessary duplication.

We will always have to properly assess the integrity of the evidence, including how it was obtained, stored and secured, and disclosed to people as part of the internal investigation. For example, in a case involving misuse of funds, it is important to be clear about who has access to the relevant systems and, to avoid questions about the authenticity of documents, to obtain documents with electronic date stamps.

We may nonetheless wish to investigate the matter, or an aspect of a matter, ourselves – for example because our focus is different, or because we need to gather additional evidence.

If you need any help in reaching a decision whether to make a report, you can:

We also have guidance to help you to understand how we assess reports and complaints about those we regulate.

Should you require reasonable adjustments to support this, please see our policy for further details.

What has changed

The following summary outlines the key changes made since the draft guidance was published in March 2024. It reflects both the input from respondents and our commitment to delivering clear, practical guidance that supports in-house solicitors.

You said: There needs to be further information on understanding and managing regulatory risks associated with internal investigations.

We did: We added more detail to highlight our concerns about the risks where an investigation or investigation report is poorly or improperly conducted/prepared. 

You said: We need more clarity on the internal investigation process.

We did: We clarified the fact that there is no one size fits all. We expanded our guidance to highlight the relevant considerations to have in mind, the importance of clear communication with the parties to an investigation, and the role written terms of reference can play. The areas covered include information on establishing facts, managing evidence, and maintaining independence during investigations. This includes advice on handling confidential information, and ensuring fair treatment of all parties involved. We outline steps for gathering evidence, conducting interviews, and documenting findings to ensure a thorough investigative process.

You said: We need further information and guidance on supporting individuals involved in investigations.

We did: We have highlighted the importance of providing appropriate support to all parties involved in an investigation, recognising the potential emotional and psychological impacts. And the importance of fair treatment, protecting whistleblowers from victimisation, and ensuring that interviewees have access to necessary support services.

You said: We want additional resources for support and clarity around reporting.

We did: We expanded the 'further help' section to include a signpost to ACAS and referenced our Professional Ethics helpline. We have detailed when and how to report matters to us and included more details surrounding reporting concerns in our separate guidance on that topic.

Further help

Information on help and support for solicitors.

Protect, the UK's whistleblowing charity, has detailed information on whistleblowing as a solicitor. They also run a free and confidential adviceline.

ACAS gives employees and employers free, impartial advice on workplace rights, rules and best practice.

If you require further assistance, please contact the Professional Ethics helpline.

We have produced a suite of guidance to support in-house solicitors which you may find it useful to read, relating to: