12 guiding principles for navigating regulatory investigations

  • Legal update

    08 February 2024

12 guiding principles for navigating regulatory investigations Desktop Image 12 guiding principles for navigating regulatory investigations Mobile Image

New Zealand has a mature regulatory environment where authorities regularly conduct investigations to ensure legal compliance across a breadth of industries. If you are under investigation, your effective participation is crucial to ensure a fair and transparent process and minimise any potential for commercial and reputational damage.

In this alert, our experts share their 12 guiding principles to help you navigate a regulatory investigation effectively and with confidence.

Who needs to read it? Why?

This alert should be read by business managers and leaders operating in industries subject to regulatory oversight. It will be of particular interest to those facing or anticipating a regulatory investigation, and front-line staff responsible for compliance, risk, legal and regulatory affairs.

What is a regulatory investigation and how does one typically progress?

A regulatory investigation is a formal inquiry conducted by a government agency or regulatory body to examine potential violations of laws or regulations committed by a specific company or industry. Investigations can be triggered by various events, including self-reporting, complaints from consumers or competitors, irregularities in financial reporting, whistleblower reports, adverse media coverage, and regulator monitoring and surveillance activities.

In response to non-compliance, regulators employ a range of measures tailored to the severity and nature of the violations found. For minor breaches, regulators may issue warnings, provide educational guidance or levy infringement fines. Offenders may be encouraged to comply voluntarily through agreements that outline corrective actions. Legal actions, including prosecution, may be pursued and this can lead to fines, or civil pecuniary penalties, injunctions, court-ordered remedies and, in the most serious of cases, imprisonment. Regulators may also suspend or revoke licenses, conduct audits, and publicly disclose instances of non-compliance to promote transparency.

A regulator’s response will be guided by its regulatory framework and reflective of the specific circumstances surrounding the non-compliance. It will also be heavily influenced by the way in which the individual or business under investigation participates throughout the process.

12 guiding principles for navigating regulatory investigations

If you are facing or anticipating a regulatory investigation, we recommend you carefully consider our guiding principles for navigating investigations, outlined below. 

Understand scope and context of investigation

  • Determine the scope and nature of the investigation. 
  • Identify the specific allegations or concerns being investigated, the applicable laws and regulations, and the liability regime (e.g. who could be held responsible and whether offences carry strict liability).
  • Identify the regulator's enforcement priorities, powers, and policies, and determine how to navigate them.
  • If an investigation is industry-wide, consider whether an industry-coordinated response can be marshalled and would be helpful.

Assemble team and determine its method of operating

  • Establish a small team to navigate the investigation process. The team’s composition should reflect the nature of the investigation and the specific regulatory issues involved. Always consider engaging independent subject matter expertise. 
    • Ideally the team should be led by a senior lawyer (internal or external) with expertise in the relevant regulatory area and experience of participating in regulatory investigations. 
  • Keep the internal and external messaging consistent and provide a co-ordinated response. Having a team member in charge of all communications can help ensure this cohesion. 
  • Carefully consider when and how the team should engage with management, the board, and shareholders. 

Look after your people

  • Demonstrate care for all staff involved in the investigation. An individual team member could become your secret weapon or your primary vulnerability. Make sure they understand what is happening and why. 
  • Identify whether any staff member requires independent legal counsel.

Identify, preserve and document relevant information

  • Identify and preserve all relevant documents and data that may be related to the investigation. This includes emails, contracts, financial records, due diligence and any other pertinent information.
  • Follow your existing document retention policy (or establish guidelines) to ensure that relevant information is retained and not inadvertently destroyed.
  • Establish a practical communications protocol at an early stage to maximise your chances of asserting legal privilege successfully and protect confidentiality where necessary.
  • Be mindful of asserting confidentiality, legal privilege or other applicable protections over documents when they are shared with the regulator. Keep a clear record of what information has been provided. 

Consider conducting an internal investigation

  • Consider conducting an internal investigation as this may aid: early identification of issues; understanding the scope of the problem; preservation of evidence; mitigation of legal, financial and reputational risks; communication with regulatory authorities; prevention of any reoccurrence; strategic decision-making; and employee and stakeholder confidence. An internal investigation may not be helpful if the conduct at issue is particularly challenging.  
  • Understand that your investigation report could potentially be shared with a regulator.
  • Seek guidance from legal counsel to maximise the chances of being able to assert legal privilege successfully (i.e., protect certain communications and documents from disclosure during the regulatory investigation).

Determine your strategy for engaging with regulators

  • Determine a strategy for engaging with the regulator, noting that:  
    • Most regulatory regimes afford regulators significant discretion to steer their enforcement response.
    • Any information that is provided to a regulator could potentially be used as evidence against you or your business in any enforcement proceeding.
    • The regulator's powers of entry, search and collection of evidence may be extensive.
    • Compliance with the regulator’s information requests or requests for interviews may be voluntary or mandatory.
  • Engage and communicate with the regulator in a respectful and professional manner.  
  • Seek advice from your lawyer before providing any information to a regulator or agreeing to participate in interviews. Your lawyer can help you to draft an appropriate response.
  • Identify internal and external stakeholders who are likely to be impacted by, or interested in, the investigation and consider how best to engage with them. 

Prepare thoroughly for regulator interviews and site visits

  • Prepare for any interviews by working closely with your legal counsel. Be truthful and accurate in your responses to questions and avoid speculation. Consider whether a lawyer should accompany you.
  • Understand the format of the interviews and request that a recording is taken and a copy is provided to you. 
  • Prepare thoroughly for regulator site visits and ensure that any volunteered remediation or remediation requirements that arise out of the visits are fulfilled within the deadlines set by the regulator.

Carefully manage external communications

  • Be mindful of public interest during the investigation. 
  • Consider establishing a communications plan to address enquiries from stakeholders, customers, or the media.
  • Avoid making statements that could be interpreted as an admission of guilt and seek advice on public responses from your lawyer.
  • Consider whether your company is obliged to make any disclosures relating to the investigation (e.g. as a listed company).

Keep your insurer updated

  • Consult your business's insurance broker or insurer after any incident or event (and again after any investigation is commenced) to determine if the business has cover for costs and potential liabilities arising from the investigation and, if so, to ensure any insurers are notified. Policies usually require prompt notification to your insurer after an incident or event that might give rise to liability.

Implement corrective actions

  • Consider implementing corrective actions promptly if the investigation reveals areas where your company needs to improve compliance.
  • Implement any corrective actions that you volunteered as part of the investigation process promtly.
    • Demonstrating a commitment to addressing any shortcomings can positively influence the regulatory authority’s enforcement response.

Review and appeal

  • Review any regulator findings with legal counsel and consider next steps, including any potential appeals or objections to an adverse decision.
  • Understand the appeal process available to you and any associated appeal deadlines.

Continuously monitor compliance

  • Remember that repeat offending can elicit a firmer regulatory response. After the investigation concludes, establish a system for continuous monitoring of compliance to prevent similar issues in the future. This could include:
    • organising internal training sessions; further testing compliance with systems and controls sessions; and 
    • creating and developing a culture that encourages prompt notification of any potential issues or concerns to compliance and a designated internal team or person.


How can we help?

MinterEllisonRuddWatts is home to some of New Zealand’s leading public and regulatory lawyers. We routinely assist clients with the full spectrum of regulatory matters, offering comprehensive solutions tailored to each client’s unique challenges. We specialise in: assisting with incident responses; developing proactive compliance strategies; conducting internal investigations; and providing strategic counsel and representation during regulatory investigations and litigation.

Members of our team have significant experience of participating in regulatory investigations conducted by the New Zealand: Commerce Commission, Customs Service, Environmental Protection Authority, Financial Markets Authority, Ministry of Business Innovation and Employment, Ministry for Primary Industries, regional and district councils, Reserve Bank, Serious Fraud Office, and WorkSafe


This article was co-authored by Danielle Cooper, a Solicitor in our Corporate and Commercial team.