8 Tips to Make Workplace Bullying Investigations More Effective

8 Tips to Make Workplace Bullying Investigations More Effective

Over the past decade, there has been growing acceptance of the importance of Corporate Social Responsibility. Workplace Bullying is often defined as a repeated unreasonable behavior which creates a risk to health and safety.

What is Workplace Bullying?

Bullying behavior in the workplace may include:

  • aggressive, threatening or intimidating conduct
  • excluding someone from work-related events
  • unreasonable work demands
  • belittling or humiliating comments
  • pressuring someone to act inappropriately

Reasonable management action does not constitute bullying. These actions may include actions such as: performance management processes and informing a worker about unsatisfactory work performance. However, if not conducted in a reasonable manner, these actions could still be considered workplace bullying. 

Bullying behaviors can cause serious psychological harm and increase psychosomatic complaints in victims. Organizational effects include lower job satisfaction, absenteeism and turnover. All these negative outcomes can potentially harm the individual’s as well as a company’s overall performance.

Companies face civil and criminal penalties if they breach the care of their workers. For example, in 2019, Australia introduced the Enhancing Whistleblower Protections Bill which provides enhanced protection for those who report unethical activities such as:

  • harassment or intimidation of a person;
  • harm or injury to a person, including psychological harm
  • discrimination

Protecting workers from bullying and harassment has increasingly become a priority issue on the public agenda. The Fair Work Act 2009 also covers contractors/subtractors, volunteers, outworkers and students gaining work experience as well.

Workplace investigations are a process by which employers gather information to assist the employer to make an informed decision. This typically involves enquiring, collecting information and ascertaining facts. However, investigating bullying behaviors in the workplace is a difficult task. 

When conducted poorly, this may adversely affect the company’s reputation and result in costly legal suits.

Before embarking on a workplace bullying investigation, we recommend following this guide to ensure that the investigation will yield best results.

1. Take Immediate Action

The importance of timing is one of the most critical, yet often overlooked, elements of an investigation. Failure to act quickly and decisively has concerning implications.

Companies risk immediate consequences such as absenteeism, excessive sick leave and reduced productivity. Taking immediate action is critically important to not only protect the workers from harm but to also protect the company and avoid legal liability. Review bodies such as tribunals or courts  may evaluate the timeline of the investigation and determine whether interviews were conducted in a timely manner. 

Initial decisions that may also need to be considered are:

  • Should we suspend the person who is causing the harm or the alleged threat, pending an investigation to follow? 
  • Who do we need to inform of the situation, such as the Board or law enforcement?

Employers may seek to place an employee on administrative suspension. However, unreasonable suspension holds serious consequences and can result in much heavier costs for the company. A thorough risk assessment must be carried out prior to making a decision.

Things to be considered before making this decision:

  • Whether the suspension is done according to a fair process and for a fair reason
  • Whether the suspension is in accordance with the disciplinary policy, though you may do so without an express clause in the suspension contract (Avenia v Railway & Transport Health Fund Ltd [2017] FCA 859)
  • Further harm to the alleged victim and other workers should the respondent remain in the workplace
  • Payment to suspended employee suspension must be paid unless under exceptional circumstances

If parties involved in the allegation are away for a planned absence or holiday, it is best practice to document the reasons for delay.

2. Review Workplace Bullying and Investigation Policies

Before launching an investigation, it is important to ensure that the investigation is in line with the organization’s policies and protocols. It is also important to frame the investigation and know in advance what your organization defines as bullying or harassment, so you can assess whether the reported behaviour is actually bullying.

Every organization should have a policy or procedural guideline which outlines investigation protocol. This assists the handling of workplace bullying and harassment complaints.

However, policy changes may be required to stay up-to-date or to ensure clarity. In this case, edits must be authorized and documented. It is best practice to communicate with affected parties before proceeding to the next step.

3. Choosing an Investigator

Investigations are best performed by individuals who can impartially gather the evidence and promptly present it to key decision makers if necessary. Having a fair and impartial investigator helps shield them and your organisation from potential claims that the investigation was inadequate.

The person conducting the investigation should:

  • treat all matters being investigated seriously and confidentially
  • have no conflict of interest
  • record and examine matters objectively based on facts 
  • identify and speak to all relevant witnesses

While arranging an internal investigator may be less costly, hiring an external investigator may offer greater legal expertise and neutrality. This minimizes the risk of litigation, and should litigation ensue, the report may be covered by professional and legal privilege.

4. Create a plan for the Investigation

Gather all the relevant information such as an employee complaint, supervisors report, and evidence such as emails and letters surrounding the matter. Using this information, consider what questions need to be asked, who the potential witnesses are, and whether employees and supervisors can provide any additional material. When preparing investigation questions, ask open-ended questions rather than leading questions to elicit as many details as possible. This also helps minimize potential bias.

5. Maintain Confidentiality

The investigation should protect the confidentiality of all parties involved. Details of the investigation should not be released unless legally compelled to do so. This helps ensure that the reporter of the bullying behavior is not victimized.

Oftentimes, allegations, even when proved groundless afterwards, can be harmful to an individual or company. Confidentiality ensures the protection of the person accused, the witnesses, and the organisation as well.

6. Conduct Strong Interviews

A strong interview depicts an accurate picture of the situation. It must include specific details such as time and place the incidents took place and whether the incident was discussed with anyone else in the department or company. Although most workplace bullying investigations usually involve the employee accused and the alleged victim, if you believe someone may have seen or heard something important, you may want to interview the witness and get their perspective as well. Make sure that the interview is not taken in the presence of other people to maintain confidentiality.

7. Document the Investigation

A good investigation report is detailed and accurate. All informal conversations, meetings, and interviews must be documented, detailing specific dates and times, who was present, what was discussed, and the agreed outcomes. Some investigations may also require the gathering of other types of evidence such as stolen items, weapons, etc. The report must also explain how and when the complaint came to attention, and what you did about the problem. 

An investigation report may later be used in proceedings at tribunals or a court of law. Using a case management software ensures safe and easy management of investigation summaries, interviews, evidence and all necessary documents. If you would like to see how you can generate one-click investigation reports and make it easy to generate briefs of evidence, please click here.

8. Stress Management

Workplace bullying investigations could be incredibly stressful for all parties involved. As stress and fatigue can build up during the investigation, it is vital to exercise effective stress management strategies in order to exercise good judgment and to remain level headed from the initial report to the closure of investigation. You may wish to refer some or all parties to internal or external counselling services. Importantly, you should maintain communication and follow a rigorous process, so all parties know they have been treated fairly and impartially.

The Polonious SIU Case Management System (PCMS) is an agile tool specifically designed to cater to the unique dimensions of each workplace investigation, while providing a rigorous, repeatable process that is compliant with any regulatory requirements. This safe and secure tool adds an additional layer of protection. 

Workplace bullying can cause significant psychological distress and put your organisation at risk of litigation as well as absenteeism and staff turnover.

Workplace bullying can cause significant psychological distress and put your organisation at risk of litigation as well as absenteeism and staff turnover.

However workplace bullying is not limited to aggressive behaviour, and includes many other forms of treatment including ostracising particular employees.

However workplace bullying is not limited to aggressive behaviour, and includes many other forms of treatment including ostracising particular employees.

Book a Demo Now

Learn more about how Polonious can help you conduct fair workplace investigations today.

Financial Crime Detection and Investigation – The Hub and Spoke Model

Financial Crime Detection and Investigation – The Hub and Spoke Model

Financial institutions, including both banks and insurers, have been facing rising levels of financial crime for a long time, particularly cyber crime. This is especially true during the pandemic. Alongside this we have a tightening regulatory framework around anti money laundering, know-your-customer requirements, and counter terrorism funding regulations, as well as more general regulatory changes including the new General Insurance Code of Practice and the new AFCA complaints and Internal Dispute Resolution requirements in Australia.

There is an increasing workload required of financial institutions to find, investigate, and report fraudulent activity, as well as an increasing variety of methods used by fraudsters, and greater risk of loss to the organisation. Added to this, the sheer volumes of data being produced in an increasingly measured and online world has been both a blessing and a curse depending on how it’s collated and used.

This has seen a growing number of solutions aimed at leveraging datasets to detect fraud, often with particular specialities – transactions, loan applications, insurance claims, and so on. This can lead to a very siloed approach in some institutions, particularly banks where the nature of their operations requires a greater variety of detection systems. It can also come about because teams have been created at different times for different reasons – e.g. an anti-fraud team was built to help customers and reduce losses, but an AML/KYC team might have come about due to regulatory change.

There are a couple of problems with this situation. One is fairly straightforward – expense. Running multiple teams for different reasons, especially with little mutual aid or communication, is very expensive. Each team may have duplicates of other teams’ cases, each team has its own management structure, its own paperwork, and so on.

The other, more important situation is co-ordination. Financial crimes are complex and evolving, and may touch on numerous aspects of your operations. In the above situation of siloed AML/KYC teams and fraud investigation teams, organised crime syndicates that may be picked up by AML/KYC have a risk of being involved in fraud rings. If your teams are not sharing information, you may miss a red flag like a contact number from a KYC case showing up on a potential fraud. Similarly, you may miss details from a transaction fraud case that appear on a loan application, or the account a claim is to be paid into may go to a bank account that’s been flagged for AML.

The curse of big data is the combination of the above two issues – if you fail to unify and analyse all your various sources of data, you will be snowed under, and with little useful insight to show for it.

As such, there has been an increasing focus on unified financial crime systems within financial institutions. An approach often discussed is the ‘hub and spoke’ model, where numerous data sources are collated in one central location for one team to look at, and potentially one analytics solution to run over the data. However, this may not work for some institutions for the reasons mentioned above – data sources are quite varied, and a transaction monitoring engine may not be suitable for application or insurance fraud, or vice versa. Additionally, the project costs required for replacing multiple existing solutions may be prohibitive.

So, what do all of these potential fraud cases have in common? Well, they need to be investigated. Whether it’s to triage and potentially report to regulators in the case of AML, to recover money from another financial institution in a card fraud case, or to prepare a brief for recovery via the courts, all of these cases require some level of investigation. For reasons we’ve outlined before, analytics engines alone will not provide a holistic fraud solution, not to mention the issues with operating across different data sets.

As such, the natural place to collate all of the insights various detection and analytics systems can provide, and without the project costs of replacing several existing systems, is to add an integrated investigation management system as the hub to which all of your intelligence and analytics spokes connect.

Modern integrations via tools such as APIs allow seamless transfer of flagged cases between detection or analytics systems and a case manager, meaning you can run a smaller team that works only in the case manager itself. Two way integration means that updates can be fed back to detection and analytics systems, improving their accuracy, as well as passing new information between systems via the hub.

APIs also make the integration process easier, making it possible for systems such as Polonious to integrate with multiple leading analytics and detection solutions with minimal fuss.

Bringing every red flag into the one system then allows you to lay other intelligence tools over the top, such as graphical link analysis, to provide even greater insight across your whole dataset.

Lastly, all of these red flags and potential investigations are brought into a system which is specifically designed for robust investigations which comply with all your regulatory requirements.

Financial and cyber criminals are becoming increasingly sophisticated. Running a bureaucratic and fractured anti-fraud and anti money laundering program simply will not keep up.

Financial crimes detection, investigation, and intelligence increasingly uses the hub and spoke model

Financial crimes detection, investigation, and intelligence increasingly uses the hub and spoke model

Powerful graphical link analysis meets comprehensive investigation management - Polonious and Maltego

Bring all your data into one place and identify connections and red flags you wouldn’t have found otherwise.

Book a Demo Now

Would you like to see how Polonious’ can help you centralise all your detection and intelligence data in one secure, rigorous investigation solution?

Internal Corruption – A Quick Way to Identify and Investigate

Internal Corruption – A Quick Way to Identify and Investigate

Internal corruption can be a tricky beast to identify and investigate, as opposed to internal fraud which – although complex to investigate – usually comes with a paper trail of some kind.

An unbalanced ledger, an unpaid supplier, or a payment without delivery, there’s usually something to go on. However, internal corruption often occurs in secret deals between people who won’t report or co-operate unless their relationship breaks down.

For example, an employee involved in a kickback scheme may inflate the price of some service by a percentage over market value, and receive a payment or some other gratuity from a vendor.

If there’s no missed payment, an apparently legitimate supplier, and the service was delivered – there’s no clear way to identify this except that the profit or balance sheet may continually suffer in that area.

However, there is one simple method which we would all be at least somewhat familiar with – at least if we’ve watched our share of gritty crime dramas – which we can use to identify and, in some jurisdictions, provide evidence for internal corruption.

I’m sure many of us have seen one of the above crime dramas, and noticed that they often involve a corrupt detective of some kind. Suspicion is usually raised, in ourselves or in the other characters, with a question like “How do they afford that on a detective’s salary?”. The answer in these shows is, of course, corruption.

In real life of course, it’s not that simple. We don’t know what other legitimate sources of income someone may have. However, it is a worthy question to ask, particularly in high risk industries like banking, or high risk positions like a procurement manager.

You can ask this question to raise a suspicion and start an investigation – and if you can find out your employee’s other sources of income, you can start to compare this to their expenses and determine if there is any unexplained income.

The Basel Institute on Governance, a not-for-profit institute aimed at researching and fighting corruption, calls this ‘Source and Application’ analysis. It involves subtracting a subject’s income and funds (including a starting bank balance) from known lawful sources in a specific period, from the total expenditure or accumulated funds in that period.

If there is any left over, this represents unexplained income that may be fraudulent.

The subject may be able to explain the source of the income – it may not be corruption. But if some or all of the income remains unexplained, this can be presented as circumstantial evidence in a corruption case.

In some jurisdictions, you can directly claim against this unexplained income in recoveries. At a minimum, it is a useful tool to highlight unexplained income and structure investigations to target that income.

Collating bank statements, pay slips, dividend statements and so on can help you balance out expenses on loans, rent, holidays, and so on – leaving you with only unexplained income, and clearly checked off explanations that you no longer need to look into.

It can also help you identify networks of associates and possible leads toward the unexplained sources of income. In situations where the analysis isn’t admissible itself, this is still a useful tool for gathering, organising, and explaining evidence that is.

This is also where a case management solution like Polonious can help, for gathering and organising that evidence, particularly when combined with our integrations with OSINT sources, and Maltego graphical link analysis.

If you would like to speak to Polonious to see how we can make it easier to fight internal corruption, with our leading investigation management solution as the hub of your intelligence and investigation operations, please click here.

Internal corruption can be hard to identify and investigate
Internal corruption can be hard to identify and investigate
Powerful graphical link analysis meets comprehensive investigation management - Polonious and Maltego

Identify networks of corruption and influence with Polonious’ Maltego integration

Book a Demo Now

Would you like to see how Polonious’ can help you identify and investigate internal corruption?

12 Things to Include in an Investigation Report

12 Things to Include in an Investigation Report

Writing investigation reports is time consuming, and styles can vary widely between investigators. Having a template with fillable fields ensures a consistent style, as well as prompting investigators to ensure all the information is filled out. Having one on hand also means that you can fill it out over the course of the investigation, writing case notes and summaries into it as you go – saving time re-writing notes into your report at the end of the investigation. However the ultimate is, of course, a case management system such as Polonious, which can generate an investigation report for you at the click of a button.


Whichever way you are doing it, these are the fields that we find usually appear on an investigation report. We’ll use insurance fraud investigations as our main example, but these are applicable to other investigations too, such as banking fraud, complaints and workplace misconduct, education, and so on.

  1. Identifiers

    Case files should come with a unique case number for easy identification in whatever system you have – whether it’s physical files, spreadsheets, or a case management system, and these should be in a prominent position on the investigation report. This may be a claim or policy number, or a student or employee number. However this becomes complicated as you may have multiple investigations related to the same policy or person.


    We recommend assigning a unique identifier to each case, with other identifiers such as policy or claim number as secondary references in case you need to find information in another system.

  2. Investigator and Report Writer details

    Your investigator may be the person writing the investigation report, but this is not always the case. You should specify both for completeness and accuracy. For insurance cases, you may also wish to specify the claims handler.


  3. Referral source

    In an insurance case, this may be the claims handler, in which case you might not need an extra field. But it could also be another part of the business, or a tip line, or an analytics engine. For a misconduct or education case it may be a complainant or a witness.


  4. Key dates

    The three key dates you should include in the investigation report are the date referred, when you first received the case; the date entered or filed, which is when you first created the case file in your physical or electronic system – this may be different due to a delay in filing when you’re busy, and lastly; the date it was first allocated to an investigator. For a closed case, you may also wish to include the date closed.


  5. Case description/summary

    This should include the allegation or description of conduct or fraud being investigated. For example, in a misconduct investigation it will likely be an allegation from the complainant against the subject. However, for an insurance fraud case, it may be an event like a vehicle collision, and the reasons why it was flagged as possible fraud – e.g. over a certain value or within a certain window relative to policy inception or expiry. If the allegation was made by someone other than the victim, include whatever details you can about the victim.


  6. Special requests or instructions

    This is similar to, but separate from the above. In this section you outline what, specifically, you are looking into with regard to the allegation or event – where you started the investigation from and what you’re trying to prove. For example, ‘Check for consistency between body-shop quote and crash description in police report’ or ‘Determine whether X’s management decisions were applied consistently across the team or unfairly targeted the complainant’. This will give some context to the case history below.


  7. Subject details

    Enter any relevant details about the subject here. This will usually include name and contact details, as well as further information that may be relevant depending on the investigation type. For example, for an internal misconduct investigation you may include office location and staff number or job title. For auto fraud you may include licence number. For surveillance cases you should include a description of the subject – height, build, hair colour, etc. On certain case types, you may wish to include an ID photo.


  8. Case Notes/History

    List all of the actions taken on the case here, in chronological order. Include who was assigned and who completed the action, a brief description of the action, and the date, time, and location it was completed. For interviews and surveillance, include who was the subject of the interview or surveillance, as it may not always be the main subject of the investigation. Provide enough to outline a case history, but leave the detail for below.


  9. Photos/Surveillance Reports

    This section is more specific to auto or surveillance cases, but if you have photographs – e.g. of a crash scene or important photos from surveillance – you should include them here. They can also be included in the evidence log or brief of evidence below, but including key photos here makes the investigation report more compelling and easier to read than having to open another attachment. Additionally, you may wish to include the surveillance reports with the photos, as well as a summary of other surveillance.


  10. Interview reports

    Provide the detail here for any interviews you mentioned in #8 above. Provide the main details of each interview again, as well as:

    Any compliance requirements – length of interview, breaks taken, support people present (including translators). Anything required to show the interview was ‘by the book’. In Australia this now includes a number of requirements related to the General Insurance Code of Practice.
    Interviewer notes – summarise what was discussed during the interview, including the purpose of the interview (which should be relevant to point 5 above), the interviewer’s role, and any requirements about confidentiality or protection. The overview should include confirmation of the date, time, and location of any incidents discussed, and a description of the incident and description or identification of any other parties present – either involved or as witnesses. The notes should conclude with the interviewee’s review of the notes and agreement that they are a true and complete record of the interview, and this should be backed up with a signed statement or recording below.


  11. Evidence log/brief of evidence

    You should include a list of the evidence collected during the investigation. You should include the following details:

    Who collected the evidence, as well as their role in the investigation
    Date and time the evidence was collected
    Type of evidence – photo, video, forensic evidence, etc
    Where the evidence is stored (if applicable)

    Alternatively, you can attach a brief of evidence to the investigation report, listing all of the evidence details above and including any photographs, signed statements, surveillance and interview reports, and so on. If presented electronically, this can also include audio and video. For example, Polonious includes easy to create PDF briefs that include photos and documents, as well as secure links to video and audio files stored online.


  12. Recommendations

    Your last section should detail your findings from all of the above materials when considered alongside any relevant legal or policy frameworks such as insurance policy conditions, or employee codes of conduct. Should the claim be denied? Should disciplinary action be taken against the employee or student? Or does the evidence not support the questions the investigation was trying to answer? Support your recommendations by referring back to the details above – do not assume the reader will automatically make the same connections you did.


How can Polonious help?


If you have a case management system, you can log all of the above as you complete the investigation. Dates, subject details, case numbers, and so on all come across automatically.

Did you just write some notes in the case file? Well, when it comes time to create the report, we can pull those in to section #8 without you needing to summarise them again.

Logged some surveillance photos? We can show them directly in the investigation report and include their details – including metadata – in the evidence log. As mentioned above, they can also be included in a brief of evidence – even video and audio in electronic briefs – cutting hours or even days of preparation time down to an hour or two.

Additionally, as a process based system, all actions on the case which support your investigation report are maintained in the case history, with a full audit trail.

Investigation Reports - One click generation with Polonious

Polonious provides one-click investigation report generation.

Investigation Report - Include scene and surveillance photos easily

Polonious allows you to easily include scene or surveillance photos in your investigation report, alongside case notes and actions

Book a Demo Now

Would you like to see how Polonious’ can help you with investigation reports?

Graphical Link Analysis with our Powerful New Maltego Integration

Graphical Link Analysis with our Powerful New Maltego Integration

Our UK team have been working hard on an integration with Maltego – a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Our Maltego ‘transform’ allows you to run Maltego over a Polonious database and display links between elements on a node based graph.

This graphical link analysis makes multiple order connections between different elements easily identifiable. With other transforms, you can connect other data to Maltego open source intelligence (OSINT) and other partners, further building out the connections between Polonious data and other intelligence.

If you’ve run Maltego over existing Polonious cases and you find something interesting, you can query cases, people, companies or other entities in Polonious in real-time. However, if you start your investigation in Maltego, you can send the case to Polonious and send people, companies and other entities to your new case.

So what does this mean for you? Well, if you’re analysing intelligence in Maltego and you find something worth investigating, you can easily bring that over to Polonious and work the investigation in our leading, dedicated investigation management system. From there, you have all the benefits of Polonious – streamlined processes with reduced administration, high security evidence management, and built in compliance with relevant legislation.

If you’re working an investigation in Polonious and you need to see if any subjects, contact details, vehicles, etc have any connections with other Polonious cases or any other intelligence sources, you simply run the Polonious transform in Maltego. Graphical link analysis makes it easy to identify connections, which you can easily feed back into the case.

We have a short introductory video below, and we have more information and a longer demo on our evaluation page here. If you would like a demonstration of the power of Maltego graphical link analysis + Polonious investigation management, please click here to get in touch!

Powerful graphical link analysis meets comprehensive investigation management - Polonious and Maltego

Powerful graphical link analysis meets comprehensive investigation management – identify links between subjects, emails, cars, cases, and more, and then send them to Polonious to start or update investigations.

Simple transforms let you run Maltego over Polonious and combine it with numerous external OSINT sources

Simple transforms let you run Maltego over Polonious and combine it with numerous external OSINT sources

Book a Demo Now

Would you like to see how Polonious’ insurance assessing module can help you?
SIU Insights report 2021How do you compare to other SIUs?

Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.

GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.