The Organisation as the Cure for Its Own Ailments: Corporate Investigators in The Netherlands

Public/private relations in the field of security attract considerable academic attention. Usually, the state is central to the analysis, focusing on the diminishing role of a previously dominant state. The role that organisations themselves play in the investigation and settlement of their internal norm violations is, however, much less researched. An emphasis on the role of the state downplays the importance of such actions. This research paper, based on qualitative data from the Netherlands, highlights the role of the organisation as the principal actor in corporate investigations and corporate settlements. The legal constraints upon and day-to-day activities of corporate investigators are considered and the consequences of the distance between public law enforcement actors and corporate security are reflected upon. The paper arrives at the conclusion that the limited insight into the measures taken by organisations in response to internal norm violation can be considered problematic from a democratic, rule-of-law point of view. The freedom of action enjoyed by organisations within the private legal sphere makes oversight and control quite challenging.


Introduction
In a case of theft and fencing of company property, multiple reactions were chosen against the people involved. There have been two reports to the police and two civil actions. In addition, assets were seized through civil measures, settlement agreements were used for the repayment of damages, twelve employees lost their job and eight employees received an official warning. [Case study 11-Meerts 2018] It is not uncommon for instances of corporate and white-collar crime to be settled without the interference of criminal court (see for example Beckers 2017). Organisations tend to take their own measures-either with or without a criminal prosecution or settlement. These 'corporate settlement measures' are often based on corporate investigations, conducted by specialised investigators (Meerts 2018). With corporate settlement measures are meant those "solutions to norm violations, which may be derived from public law (criminal law), private law (contract law, tort or labour regulations) or internal regulations (of specific organisations)" (Meerts 2018, p. 22). This definition of corporate settlement is quite broad and contains both measures that are completely internal to the organisation (such as the official warnings in the case cited above) and measures that are external to the organisation (such as the criminal cases against the two employees in the case cited above). Although the criminal case itself is not a corporate settlement measure-the decision whether or not to prosecute lies with the prosecution office, not with the organisation-the decision to officially report to law enforcement authorities is. Reporting to law enforcement authorities is one of the options available to an organisation faced with internal crime.
The aim of this paper is to examine corporate security as an avenue of control exercised by organisations over their employees. The corporate security sector is under-researched: not much is known about the day-to-day activities of corporate investigators. This is an important gap in our knowledge, especially when we take into account the large and growing involvement of private parties in responding to undesirable behaviour (Walby and Lippert 2014). The paper thus aims to fill the gap in our empirical knowledge about corporate investigations, and to place this in the context of a recurring debate: that of public/private bifurcation (see Section 2 for more on this). The corporate security sector is defined here as a highly specialised market for corporate investigation services. 1 Although corporate investigators may be involved in additional activities (such as pre-employment screenings and drafting and implementing integrity codes), the investigative activities of corporate investigators are the focal point of this paper. 2 Investigative activities are mainly constituted by forensic accountancy, (private) investigations more generally, IT investigations, asset tracing, and (assistance with) settlement and prevention tactics (Williams 2005;Meerts 2013). Clients of corporate security may be both commercial and (semi-)public organisations. 3 This last category of organisations is an important source of clients for corporate investigators: in the Netherlands, the 25 largest municipalities have, over the last five years, ordered the investigation of more than 1900 internal norm violations. 4 In this research the following groups are considered to be part of the corporate security sector: private investigation firms, in-house security departments, forensic accountants and forensic (departments of) legal firms. 5 This paper considers the role of corporate investigations in the identification and settlement of internal norm violations within organisations. The fact that the norm violation is internal to the organisation is important, since it provides the organisation with more possibilities to act upon the behaviour than when there is only external involvement. 'Norm violation' is a broad-scope concept, which may be used for all types of employee behaviour deemed problematic by an organisation. This 'problematic behaviour' may concern (alleged) criminal behaviour such as fraud, but it may just as well be about behaviour that is considered undesirable from the point of view of owners and managers of organisations, for example behaviour that is non-compliant to internal regulations (Richards 2008). All kinds of undesirable behaviour may be investigated by corporate investigators (see also below); however, many incidents that are investigated by corporate investigators have an economic background (theft, fraud, favouritism in the granting of contracts, and the like) (Williams 2006a). 6 As a result of the employment relationship between the organisation and the person who is the subject of investigation, corporate investigators have extensive access to information. Although corporate security actors do not possess the formal powers of investigation enjoyed by law enforcement, their possibilities of investigation are extensive: through the (property) rights of the organisation as an employer, they are able to use much information about employees (for example by accessing internal systems). Additionally, the professional backgrounds of corporate investigators makes them adept in investigating open source data and in using investigative tactics (such as interviewing involved persons 7 ). After investigations are concluded, corporate investigators may assist organisations 1 Corporate security is a term that is often used in a much wider sense. In such a definition, all security-related activities of (mostly) in-house security are within the scope. Investigations are then part of corporate security but so are surveillance and other activities relating to physical security. In this paper, the focus is on investigations.
2 Corporate investigators may also be involved in compliance functions. Although compliance may involve investigations, the main aim of compliance is prevention: measures and procedures are put in place to ensure compliance to rules. Corporate investigations, by contrast, focus on the situation in which prevention has failed and norm violations have occurred. 3 In the case of an in-house corporate security department, the 'client' and investigator are part of the same organisation: for example the organisation's management. 4 See NRC 28-02-2018 (https://www.nrc.nl/nieuws/2018/02/28/meer-onderzoek-naar-integriteit-door-gemeenten-a1594055). 5 Forensic accountants and forensic legal investigators (lawyers) differ from regular accountants and lawyers with regard to their main activity. Regular accountants audit the financial administration of an organisation as part of their legally defined task, and regular lawyers are hired to represent their client in legal procedures. Forensic accountants and forensic legal investigators, by contrast, are hired to investigate as a result of a suspicion of a norm violation. 6 This is not to say that corporate investigations are only conducted with regard to matters of economic crime. Other categories of behaviour which are often investigated internally include, for example, privacy violations and data leaks. 7 An 'involved person' or 'subject' is what in the context of a criminal justice procedure would be called a 'suspect'. However, because corporate investigators lack formal powers of investigation and the formal procedural guarantees available in in finding a solution, either by 'going public' (reporting to law enforcement) or 'staying private' (for example settling the incident as a labour dispute).
One of the characteristics of corporate investigations and 'corporate justice' is the emphasis on confidentiality. This, together with the view held by organisations and corporate investigators that the criminal justice system is inefficient and in most cases will not provide a suitable solution, means that most white-collar crimes that have been investigated by corporate investigators never reach the criminal justice system. It follows that the knowledge of the state about such internal investigations is fairly limited.
The above considerations culminate in the following research question: What is the role of corporate investigators in the investigation and settlement of norm violations within organisations? To answer this question, we need to examine (1) the legal frameworks within which corporate investigators operate (sub-question 1), (2) the investigative methods corporate investigators may use (sub-question 2) and (3) the settlements that are possible as a response to the corporate investigations (sub-question 3). These questions are answered with the help of empirical material collected in the context of this research.
The theoretical framework that provides the context for the discussion of the empirical findings is discussed in the next section of this paper. This is followed by the explication of the research methods that have been used to collect data. Section 4 examines the legal frameworks within which corporate security actors operate (sub-question 1), followed by Sections 5 and 6, which discuss the activities of organisations and corporate investigators in this context (sub-question 2 and 3). The paper is concluded by a discussion of some ethical issues and governance limitations of current practices in corporate security. It is concluded that the market for corporate investigations can be seen in the framework of a private/public demarcation: corporate investigators operate quite independently from the criminal justice system. While this situation has its advantages, it is argued that from a democratic, rule-of-law point of view it may be considered problematic.

The Theoretical Framework-Public/Private or Private/Public?
Traditionally, governments are tasked with the prevention and repression of crime (Van de Bunt and van Swaaningen 2005). The monopoly over legitimate use of force is commonly seen as the essential tool for governance by states (Weber 1946). 8 However, it is now widely recognised that from a historical perspective this situation is rather new (Garland 2001). This realisation has gained much academic attention under the banner of the shift from 'government' to 'governance' (see for example Lea and Stenson 2007). State actors, private actors and non-governmental organisations are now commonly seen as governing (global) society (see for example Willetts 2011). When it comes to the governance of criminal behaviour, however, the scientific community still seems mostly concerned with state action against crime (Hoogenboom 2007). Over the years, a wide range of publications has emerged, focusing on regulatory agencies (see for example Mascini and van Erp 2014), civilians (see for example Van Steden 2009) and private security professionals (see for example South 1988). Security provision is no longer seen as being the sole responsibility of law enforcement agencies: even within the context of the state, regulatory agencies, special investigative units within ministries and the input of local government are all seen as contributing to the provision of security (Van de Bunt and van Swaaningen 2005).
Academic attention for the contribution of private actors usually does not focus on the investigation of norm violations by the organisation within which the norm violation occurred. Rather, the preventative function of private security is researched. In this context, public/private relationships a criminal justice procedure are not present in corporate investigations and settlements, criminal justice terminology is avoided here (see also Meerts 2018). 8 With this is meant not just the actual use of force but police powers in general. are often conceptualised along the lines of a private sector complementing a dominant state. 9 In this line of reasoning, concepts such as privatisation and responsibilisation are used to indicate that the state involves private parties, either by privatising some of its activities, or by mobilising private actors to get involved in the provision of security (Garland 2001). Relations between the public sector and private security are, then, mostly conceptualised in the context of private parties' utility within the state agenda through cooperation (Hoogenboom and Muller 2002;Hoogenboom 2009;Dorn and Levi 2009;Cools et al. 2010). A popular theory in this line of reasoning is the junior partner thesis, first introduced by Kakalik and Wildhorn. According to this theory, public actors may use private security actors as a junior partner to advance the goals of the state (Hoogenboom 1988). In this view, private actors fill the void that was created by the inability of law enforcement actors to meet security demands. Private actors are considered to be complementary to public actors and to focus on preventative action.
An alternative perspective on public/private relations in this field may be derived from the work of James Williams, who sees the corporate investigations market as a commodification of internal norm violations, through the marketing of a professional service which is directly responsive to organisations' needs (Williams 2005; see also Meerts 2016). Corporate investigators provide organisations with the means to investigate and settle a norm violation without involving public law enforcement (Meerts 2018). Instead of thinking in terms of public/private relations, with private security serving as a subsidiary to the state, we should, therefore, take the private sector as our point of departure.
This research takes this last approach: the activities of corporate investigators are examined as an independent professional activity, not as a subsidiary of the state. Such an approach sensitises us to the context in which corporate investigators work and opens up a field of research, in which corporate investigations and settlements are considered as distinct and separated from criminal justice investigations and solutions. Insofar as it becomes necessary to bring the state back into the analysis, this may invoke what Dorn and Levi (2009) once referred to as private/public relations, reflecting the leading role of providers of private justice. The empirical data is considered along the lines of the private/public model, in which the state is seen as a supplement to the efforts of the private sector, instead of the other way around (such as is the case in junior partner theory). This does not imply a normative judgement at the onset, either in favour or critical of the corporate security market-although the need for such judgement may present itself once such analysis is done.

Methodology
The research question posed in the introduction of this paper is answered based on qualitative data gathered between October 2012 and March 2016. 10 The main source of information for the research consists of 59 semi-structured interviews that have been conducted among corporate investigators, clients and law enforcement professionals. This type of interview can be defined as an expert interview (Baarda et al. 1996). One advantage of an expert interview is that respondents are generally well-informed and, as a result, the interview should provide rich information. Additionally, the interview process may be more efficient. A challenge might be that experts, and especially those in management and higher positions, are often pressed for time and difficult to reach because they are shielded by administrative staff. However, the use of gatekeepers mitigated these issues in this research. Respondents were approached through gatekeepers and snowball sampling, making use of previous contacts and previous research by the author. For each group of respondents, a slightly modified topic list was used, so as to take full advantage of the knowledge of the respondent. However, to ensure that the research question and sub-questions can be answered, the following topics were part of every interview: professional background of the respondent; types of cases in which corporate investigators are involved; reasons for corporate investigations/settlements; process of the investigations; process of settlements; regulation; public/private relations; and general opinion regarding the existence of corporate security. At the conclusion of each interview the question was posed whether the respondent felt any important subject had been neglected and whether he or she had suggestions for prospective respondents. The purpose of this is to minimise the possibility that important subjects and respondents are ignored. Interviews had an average duration of one hour and eleven minutes, with outliers of 23 min (the shortest interview) and two hours and fifteen minutes (the longest interview). All interviews were conducted face-to-face. The majority of the interviews was with a single person, however, four were conducted with two respondents at a time. When possible, the interviews were recorded to be transcribed verbatim at a later point in time. Some respondents did not consent to being tape-recorded, in these cases extensive notes were taken.
The minority of respondents in this research was female (10), the rest were male (49). Most respondents fall into the age group 40 to 60 years old and have substantial (more than 5 years) work experience in the field of financial crime (this is not the case for the clients, who have, however, substantial work experience with regard to corporate settlements). Most of the professional activities of respondents were conducted in the Randstad, which consists of the four largest Dutch cities (Amsterdam, Rotterdam, The Hague and Utrecht) and their surrounding areas. The activities are not limited to this geographical space, though, as respondents execute their work all over the Netherlands (and abroad). Respondents had a high average education level (academic education), with the exception of police respondents, who generally had a lower education level (being trained within the police organisation itself). Table 1 provides an overview of the respondents of this research. Respondents are found among three main groups of professionals: corporate investigators (33), law enforcement professionals (16), and clients (10). Within these groups we can further differentiate. Within the group of corporate investigators, ten respondents work for private investigation firms, eighteen for an in-house security department, five for a forensic accounting department and three for a forensic (department of a) legal firm. As can be derived from Table 1, the forensic legal investigators had a double role, as respondents were investigators in some cases and clients in other cases. 11 The corporate investigators who have been respondents for this research were employed within 22 different organisations. The law enforcement professionals who participated in this research worked for the police (eight), the prosecution office (five) and the investigative department of the Dutch revenue authority, FIOD (three). All law enforcement respondents had a background in financial crime. Clients, finally, were HR personnel (one), labour lawyers within the organisation (four), external lawyers (three) or general management (two). All clients interviewed in this research were employed by a different organisation (ten). These numbers show that respondent groups are not represented to the same extent in this research. The decision was made to focus on corporate investigators for two reasons. First, this group is most important for the research question since the activities of corporate investigators are central to it. Secondly, the wide variety of backgrounds among corporate investigators made it necessary to include more corporate investigators in the research than other respondents. Respondents indicate that corporate investigators are used to investigate a wide variety of norm violations (both criminal and non-criminal). Many of these have a financial component such as fraud, theft, corruption or embezzlement. 12 Corporate investigators are, however, also enlisted to investigate norm violations that provide no direct financial gain, such as data leakage, breach of privacy, breach of trust, sexual harassment and unauthorised ancillary activities. The norm violations that are investigated by corporate investigators range from small (petty theft or the leakage of minor information) to substantial (millions of euros in fraud). The corporate investigators included in this research work for a wide variety of clients. In addition to (semi-)public organisations (including charities, municipalities and schools), clients may be active in all economic sectors (for example: the financial sector, telecommunications or logistics). Respondents do indicate, however, that most of their clients are medium to large-scale organisations, which respondents attribute to the costs of investigations. All data 13 gathered are treated with utmost confidentiality and have been anonymised to ensure that no information can be traced back to any respondent or his or her employer. No parts of this research were covert and informed consent has been attained at every step (Laenen and O'Gorman 2016). The paper should not be regarded as generalising to the Netherlands as a whole; the statements made are indicative of the respondents in the research (who, however, do suggest that their statements are more generally applicable).

Legal Frameworks and Supervision over the Corporate Security Sector
To gain insight into the corporate investigations industry, it is important to start with an examination of the legal frameworks within which the market operates, as specified in sub-question 1 of this research. Respondents indicate that the state has very little insight into what happens in the corporate security sector. One of the reasons for this is the highly fragmented nature of the sector. Multiple actors, all with their own regulations and processes of control, combine to form a 'corporate security sector' which is used by organisations to react to norm violations. The most prominent of these are private investigation firms, in-house security departments, forensic accountants and, added most recently, investigative (departments within) legal firms. The various investigators use the conceptual differences between them as a commercial advantage over other investigators.
You know, an investigation has different dimensions, you have a financial part, a technical part, an operational part. And sometimes you need one type of investigator because he is better at that particular part than others because of his background and experience.  This quote of respondent 13 shows that certain investigators are better equipped to investigate a specific matter than others. An in-house investigator may for example be a good choice when complicated internal processes within an organisation are involved, since the in-house investigator knows the organisation. On the other hand, when it is deemed important that an independent party investigates the matter, external investigators may be more suitable. In complicated financial cases a forensic accountant will be the obvious choice. When multiple (international) jurisdictions are involved, a legal investigator with extensive legal knowledge might be chosen. There is, however, a tendency in the market to diversify the background of staff. In this way, corporate investigators may make use of multiple specialisms, according to the specific demands of the case at hand. Most corporate investigation units are, therefore, a mixture of professional backgrounds.
Seen in this light, the fragmentation of legal frameworks regulating corporate investigative activities might become somewhat problematic. The legal framework that applies is dependent on the label an investigator wears. Some regulation applies to all: no corporate investigator is allowed to break the (criminal) law during his investigations and all have to take the Data Protection Act) 14 into account. As there are no private formal powers of investigation, the Code of Criminal Procedure, regulating the use of powers of investigation by law enforcement agencies, does not apply. This limits investigative possibilities (corporate investigators may not, for example, enter premises without explicit consent) but it also creates opportunities and flexibility. Within the limits of what is proscribed by law, corporate investigators have considerable room of manoeuvre.
The legal framework that is applicable is dependent on the type of investigator. Of the four groups-in-house investigation departments, private investigation firms, forensic accountants and forensic (departments within) legal firms-only private investigation firms need a permit under the law regulating private security and private investigation firms (Wpbr). The control over this permit is located with the police but this is now a purely administrative process (Klerks 2008). As a result of this law, private investigation firms need to implement a Privacy Code of Conduct similar to the one issued by the representative organisation for the Dutch security market (NVb) and declared binding by law to all private investigation firms. The Privacy Code of Conduct provides the most specific regulation for investigative activities.
Although forensic accountants and legal investigators are regulated by a general legal framework, these laws are not constructed to deal with investigative activities-rather, they are focused on traditional accounting activities and the traditional role of the lawyer. Both these professional groups do have disciplinary proceedings and in the case of forensic accountants, these disciplinary proceedings are specific to investigative activities (Meerts 2018). For accountants, some general guidelines for person-oriented investigation have been issued, and although these may be used in disciplinary proceedings, they are guidelines and as such not legally binding (NIVRA/NOvAA 2010). When it comes to in-house investigators, these professionals only have the internal guidelines of their company to follow (in addition to the generally applicable laws on criminal behavior and dada protection, as cited above).
In spite of the differences in legal frameworks, fieldwork does suggest that all groups tend to adhere to the Privacy Code of Conduct for private investigation firms. In the case of forensic accountants, the guidelines for person-oriented investigation specifically refer to the Privacy Code of Conduct to be used as a guideline by forensic accountants (NIVRA/NOvAA 2010). Respondents indicate that they are focused on legal principles, such as proportionality and subsidiarity-principles that are central to the abovementioned guidelines as well. However, as this is largely on a voluntary basis, compliance is not guaranteed. The diversification in the corporate investigations arena and in legal frameworks and control create a fragmented field in which the state has very little knowledge about actual activities. Democratic control over the corporate security sector is very limited. Control over corporate investigations is, for an important part, reliant on the ethics of individual investigators and on the client. This places much responsibility on organisations using the services of corporate investigators (Meerts 2018).

Corporate Investigations
For an important part, the influence of the organisation is exerted at the start of the investigative process and at its conclusion (by deciding on a settlement), and much less during the investigations. Investigations commonly start with an assignment letter by the organisation that is faced with the norm violation. 15 The client organisation can assert much control over the investigations by framing the assignment in a certain way. Although corporate investigators endeavour to be independent and objective, they are reliant in a large degree on their clients. Partly, this is created by the fact that the investigative possibilities of corporate investigators rely heavily on the rights an organisation has to exert control over its employees (Schaap 2008). Through the employers' (property) rights in relation to, for example, employees' work computers, corporate investigators have access to the information stored on these devices.
The way in which the assignment is framed determines the scope of the investigations. Respondents indicate that they are aware of the possibility that their investigations could be used for improper purposes and they try to avoid such situations. However, this is not always easy to determine in practice.
Imagine that a CEO comes to you and says, 'look I have Mr. Jones here and he's in his late fifties, rather expensive, we would like to get rid of him but firing him would be expensive so could you have a look at his expense account and see whether you can't find something or other'. Well, no, sorry, we don't do that.
[But] it's not always that straightforward because if the same person contacts us, saying 'we think that Mr. Jones is fiddling with expense accounts for this or that reason ...' The story is the same, it's just told differently. So it's not always possible to know exactly but you have to try. That's why an intake [conversation between client and investigator about the case] is so important, to get an impression of the context of the case, what kinds of signals are there, how were they discovered, is it specific enough to warrant investigation? [Respondent 2-corporate investigator] The possibility to have a measure of control over the investigations and over the information that might flow to the public realm is one of the reasons for organisations to enlist the services of corporate investigators (Williams 2005). This means corporate investigators have to find a balance between the interests of clients and their own objectivity and independent position. One way in which corporate investigators try to prevent organisations from unduly influencing the investigations is to not communicate with the client about preliminary findings. However, clients are commonly notified about the general progress of the investigations.
The investigative possibilities of corporate investigators are substantial, and with technological progress, constantly expanding. For the purposes of this paper, it suffices to discuss the four main sources of information: documents; (internal) systems; open sources and personal contact (Meerts 2016). Inspection of the internal documentation is often used as a starting point for investigations: financial administration, invoices, contracts and other documents are used to form an indication of the issue at hand. As a corporate investigator explains: We usually start with the records. And that is a very broad concept of course. There are financial records, digital but also hard copy. Digital is for example the books and hard copy the invoices, source documents, everything that the books are based on. [Respondent 5-corporate investigator].
Apart from (financial) documentation, much information may be derived from the internal systems at place in an organisation. Typically, these systems are not created for investigative purposes, but they may nevertheless be used in the context of an investigation. Personnel log files, camera systems and track-and-trace systems are examples; communications systems (such as email and phone records) and data carriers (such as computers, external memory-drives and smart phones) also fall within this category. As long as the organisation is the owner, these sources may be accessed by corporate investigators (Schaap 2008). Respondents indicate that they are hesitant to use more intrusive investigative measures, such as accessing the content of emails or audio-taping telephone conversations conducted on employer premises or via an employer mobile phone. Although allowed by law, the weighing of the widely-used principles of proportionality and subsidiarity often means that investigators use less far-reaching alternatives, such as analysis of phone records to see with whom the person has been in contact.
The thing is, people's actions in the context of the company are done with company means, during working hours, regarding the company's clients. So they have some right to privacy but this is not absolute. People need to know that. These key cards-they register attendance and we're not here to check whether or not you came in on time or left early. But if there happens to be a situation in a certain room, money's missing or something like that, of course we will check who has been there.  Much additional information is, furthermore, provided by desk research into open sources. 'Open' sources may be easily accessible for everyone, but this type of information source may also be 'on-subscription', for example, databases collecting Chamber of Commerce information or name and address data. They are open in the sense that they are open to everyone who is willing to pay a fee for access. Free open sources are, for example, social media and traditional media. 16 Interviews with the 'subject' or 'involved person' 17 are usually done only at the end of investigations. In this way, investigators may confront the subject with other information which has been gathered. Other interviews with, for example, colleagues or managers of the involved person, are often less formalised and may be done at an earlier stage of the investigation process. For a subject, the interview process is formalised to a higher degree, although it should be noted that a subject does not have the procedural protections a suspect has in the context of criminal investigations. People who are interviewed do, however, have the right to be assisted by a representative (such as a lawyer) and respondents also indicate that they inform the interviewee that his cooperation is voluntary and he is not obliged to cooperate.
His statement is made freely, I mean if during our conversation he decides not to want to talk about it, ok that's his story. I'm not sure he's going to be better off with that [action] but when someone walks out the door, he walks. I'm not going to grab him by the neck and say, ok now you're going to talk. [Respondent 15-corporate investigator] Following the widely-used adversarial principle, interviewees are given the opportunity to read their statement and to correct factual errors. 18 After a final interview report has been drafted, the person who has been interviewed is asked to sign the interview report together with the interviewers, which he or she may refuse to do. Interviews are generally conducted by two investigators for reasons of transparency and reliability.
Many corporate investigations remain entirely in the private realm, as the investigative possibilities are often enough to provide the necessary information without having to resort to the formal powers of investigation of law enforcement (which could be mobilised through a report to the authorities). After investigations are finalised and subjects have had the opportunity to react to the draft report, a final report is made and presented to the client. Based on the findings in this report, a client may decide on one of several possible courses of action.
This section has discussed the second sub-question as defined in the introduction to this paper. We now follow the course of the investigation process further, by seeking an answer to the third sub-question about corporate settlements, in the following section.

Corporate Settlements
Corporate investigations and solutions may remain entirely private, but law enforcement agencies may be involved as well. Under certain circumstances this involvement may be sought at an early stage of, during, or prior to the corporate investigations (Meerts 2018). Such involvement is, for example, highly likely in the minority of cases in which media coverage has already exposed the matter (and not reporting to the authorities would create the image that the incident is being swept under the rug). Alternatively, the police may be brought in because corporate investigators cannot obtain the necessary information (see also Van de Bunt et al. 2013). "Sometimes you know in advance, if you don't involve the police you won't be able to do the full investigations. For some information you just need the police" [Respondent 13-corporate investigator]. Apart from any conscious action by corporate investigators or clients, law enforcement may already be involved at an early stage, as a result of their own efforts.
However, in most instances in which law enforcement agencies are involved, this happens only after corporate investigations have been finalised. Respondents suggest that this is important, in the sense that a well-substantiated report increases the likelihood that law enforcement authorities will indeed investigate. In addition, it is often rather unclear in the early stages of investigations whether the behaviour actually qualifies as a crime. Some corporate investigations are necessary then: "Let's take theft as an example. It starts with a missing item. But that doesn't mean that this item has been stolen. If we immediately go to the police and we have to tell them later on, never mind we found it-that doesn't really reflect well on us does it?" [Respondent 15-corporate investigator]. Another reason to report would be that it is necessary for the insurance claim or it may be a moral consideration-of all the solutions available to corporate investigators, only the criminal procedure has a distinctive punitive side.
Whatever the reason for a report to the authorities, it is hardly ever the only action taken: a report to public law enforcement may prove useful in many ways, but it does nothing to solve the problem in the labour relationship (Meerts and Dorn 2017). In addition, restitution of damages may be obtained much faster through other channels, since the criminal justice system is a slow process-and even then there is no guarantee that the person will be punished or will be obliged to repay damages. Therefore, a report to law enforcement authorities is usually combined with other settlement options. In addition to a criminal trial, organisations may use a civil suit as a means to arrive at a solution. One reason to use civil proceedings is that they are faster and less publicised. Another may be that the standard of evidence is lower in civil cases than in criminal cases. Information presented in civil court is considered a fact when neither party contests its accuracy. Information that may be considered circumstantial in criminal court may serve as evidence in civil court. A civil procedure may take multiple forms: the employer or employee may bring a civil claim for damages based on breach of contract or tort but it may also involve the termination of the labour contract. When the employee does not consent to termination of the contract, a ruling of a labour judge is usually necessary.
Although a civil court case does produce less publicity than a criminal case, it is still a court proceeding and therefore fairly 'out in the open' and this may conflict with the organisations' interests. "There are certain tensions you know. An organisation wants the money back but they don't want to have a lot of publicity. They want it done quietly." . A more private way to settle the matter is through a settlement agreement. This may be a contract in which parties agree on an amount payable by the involved person and it may also include conditions, such as the termination of the labour contract. "In this case, there were two people involved and we struck a deal with the one and the other is paying a monthly amount" [Respondent 6-client]. A settlement agreement in the context of the labour agreement is a termination with mutual consent (article 7:900 Civil Code).
Respondents suggest that non-disclosure clauses are fairly standard to settlement agreements: parties commit themselves to the confidentiality of the agreement and the circumstances of termination. "You come to terms with each other about what you will and will not make public. You make a settlement agreement and a non-disclosure is usually in there-well, then we won't talk about it anymore. From either side." [Respondent 19-corporate investigator]. A non-disclosure agreement is not unique to settlement agreements, however data suggest that its use is highly prevalent here. Compared to other private settlements, which are largely based on action by the organisation, the person subjected to investigations has more influence on the process in case a settlement agreement is used. This influence should not be overstated though-through threats of criminal charges or civil seizure, (s)he may be forced to comply with the agreement. A settlement agreement does have advantages over other solutions for an employee: in this case, the right to unemployment benefits may be preserved and many settlement agreements include some sort of severance payment to the employee.
Alternatively, internal sanctions may follow corporate investigations. Large organisations usually have internal regulations, and measures to be taken in response to the infringement of these rules are often formalised as well. These sanctions may be very mild-an (official) warning-or severe-summary dismissal (dismissal on the spot). Many other possibilities are available. Within the range of sanctions an employee may for example be passed over for a raise or demoted, certain types of access (to for example the financial administration) might be denied, the employee may be removed from a certain position, and benefits may be taken away.
Termination of the labour contract may be seen as the ultimate internal sanction, simultaneously bringing an end to the fact that someone is indeed internal to the organisation. Sometimes involvement of a judge is necessary for termination, but there are many instances in which this is not the case. In addition to the already discussed settlement agreement, a fixed term contract may simply not be renewed or the employee may (be persuaded to) initiate the separation. In 'urgent circumstances', the employer may resort to a summary dismissal (Article 7:677 Civil Code). What may be seen as an urgent circumstance is not defined; however a criminal offence or non-compliance with internal rules falls within this category. If a summary dismissal is to be used, there is a condition of 'immediacy', which means that the employer has to act as soon as the facts are clear. Corporate investigations are, thus, allowed to obtain a clear overview of the facts. Respondents suggest that an employee is often suspended from active duty pending the investigations, so as to make sure the condition of immediacy is complied with.
It is important to note that although corporate investigators may be involved in an advisory capacity in the decision making process regarding corporate settlements, it is the organisation itself (in the form of Human Resources and management) that takes the decision.
We do the investigations and that's it. Two of my colleagues have a different opinion, [they think that] when they say someone's guilty he should be fired, [but other colleagues] have a more nuanced view. Our job is the investigation, getting the evidence and building a case that would hold up in court if necessary. The decisions are up to the involved manager and HR. [Informal conversation with a corporate investigator] Corporate investigators may exert influence over this decision, by providing the organisation with advice. The extent and depth of this advice differs among investigators, most notably because forensic accountants are wary of drawing legal conclusions from the investigations (whereas legal investigators see their added value specifically in drawing legal conclusions and providing advice on how to proceed) (Meerts 2018). If the decision is made to report to law enforcement authorities, this report is usually done by the investigators.
And eventually you will come to the point that you write your report and explain your findings but also draw conclusions based on that. That could be that there must be measures taken against certain persons or that the structure of the organisation should be changed. And it could also lead to the question whether or not the incident should be reported to the police. [Respondent 30-corporate investigator]

Conclusions
This research paper highlights the role of the organisation as the principal actor in corporate investigations and corporate settlements. The legal constraints upon and day-to-day activities of corporate investigators have been considered above. In this conclusion, the consequences of the distance between public law enforcement actors and corporate security are reflected upon. The present work permits us to make some critical comments about the industry, its governance and the ways this research frames these issues. As noted in the introduction, private/public relations in the field of security have generally been approached via consideration of the supposedly diminishing role of a previously dominant state (privatisation, responsibilisation and the growth of mass private property as distinct from public goods). That point of departure implies that private security actors have either filled a gap in security provision left by the state (acting as a supplement to public law enforcement) or that they have replaced the state in this area (becoming a substitute for public law enforcement).
To the contrary, this paper argues that the role of the state in the investigation and settlement of internal norm violations within companies, is better conceptualised in terms of absence (Williams 2005;Meerts and Dorn 2009). The emphasis on the role of the state, furthermore, downplays the importance of the actions taken by organisations themselves against internal norm violations. 19 Taking the private sector, then, as our point of departure, we may discern that, in the social reality of corporate security, it is the state that is the supplement to the solution provided by corporate investigators: the state is the 'junior partner' here, to be called upon selectively, as and when needed.
A report to public law enforcement is made when it serves a purpose for corporate investigators and organisations. When this is not the case, corporate investigations and settlements largely remain in the private legal sphere. We may, then, conclude that the short answer to the research question is that the role of corporate investigators in the investigation and settlement of norm violations within organisations is substantial and that it exceeds involvement by state agencies. In theoretical terms, the private/public demarcation identified by Williams (2005) can be found in the context of the investigation of norm violations within Dutch organisations.
As a consequence, little is known about the way in which organisations deal with internal norm violations (Meerts 2018). While this has the advantage for the state that the criminal justice system is not flooded by cases it is not very well equipped to deal with, a negative consequence is limited public control over the ways in which organisations deal with internal norm violations. As mentioned in this paper, in the Dutch case there is a permit system available for corporate investigators, however, this is only applicable to private investigation firms. This means that most investigators are not caught by the 'regulatory gaze' of the state (White 2014.). In light of the question of how to frame public/private relations in the field of corporate security, it would be interesting to explore whether and how legal frameworks, roles and activities of corporate investigators may differ between countries. The UK, for example, does not have a permit system for private investigators (see for example Meerts 2018). Interestingly, minor fieldwork conducted in the UK in the context of this research suggests that the way in which investigations are done, and the issues that may be identified (for example with regard to private/public cooperation), are broadly similar in the UK and the Netherlands. Interesting work in specific national jurisdictions by for example Williams (2005, Canada), Gill (2013, UK) and Gottschalk (2015, Norway) seems to point in the same general direction. However, more (specifically comparative) research is necessary on this topic. This relative invisibility, together with other characteristics of the sector, make comprehensive control over, or even insight in, the way organisations deal with internal norm violations very challenging (Williams 2006b). Much is left to the individual investigator and the client organisation. Seen from the perspective of the values of democracy and the rule-of-law, this is problematic. Corporate investigations may have considerable impact on the lives of employees. In addition, there is a marked power imbalance between the organisation and the person who is subjected to the investigations. Even when no rules are broken by investigators or organisations that hire them, the involved person may be pressured into a disadvantageous situation; at the very least he may be upset.
In principle corporate investigations have a 'downwards gaze'. Since the organisation determines the assignment, most investigations are focused on individuals (lower-level management and employees) instead of on the organisation itself (Williams 2014). 20 The legal person of the organisation is often part of the investigations only as context, and faulty processes may be identified in order to be corrected. However, blame is hardly ever put on the organisation, although there are many examples of organisations acting as a perpetrator or facilitator (see Gorsira et al. 2018;Van Rooij and Adam 2018;Lord et al. 2018). In this way, corporate investigations have an inherent bias towards 'rotten apples'. The barrel is taken into account but often not held accountable.
Funding: The research underlying this paper was funded by a grant from the Netherlands Organisation for Scientific Research (NWO).