The privacy and evidence collection challenges in corporate anti fraud investigations mainly manifest as restrictions on electronic evidence collection, questioning of the evidential validity of confidential audio and video recordings, and information barriers in cross departmental collaboration. These factors seriously affect the verification rate of enterprises, making internal investigations often face challenges. Most companies face a delicate balance between investigative authority and employee privacy rights, which is particularly evident in current audit reports. For example, in the audit report of a listed company in 2024, although 237 reports were received, only 9 cases were ultimately confirmed.

Case study of a listed company

In May 2025, the audit department of a listed company (referred to as Company A) received a report from anonymous individuals, which pointed out that Zhang, the sales director of Company A in the East China region, was suspected of the following misconduct: Zhang used a shell company controlled by his relatives to sign false sales contracts with Company A, in order to illegally embezzle the company's marketing funds; At the same time, he privately instructed the distributor to transfer a portion of the payment directly to his personal bank account; In addition, auditors also found a large amount of tampered performance report data on Zhang's office computer. This case demonstrates the evidence collection difficulties that companies encounter when handling reports.

02

Legal Basis and Relevant Suggestions

◆ Legal Basis

Article 1034 of the Civil Code provides detailed provisions on the scope of protection of privacy rights. However, Article 1036 also states that "reasonable actions taken to safeguard the public interest" can be considered as grounds for exemption. The newly revised Article 17 of the Anti Unfair Competition Law in 2025 grants limited investigative powers to enterprises, allowing them to access work email and OA system records in suspected cases such as embezzlement and commercial bribery. However, companies must exercise this right with caution and follow legal procedures and authorities.

Suggestions for enterprise investigation authority

In order to improve the compliance and verification rate of the investigation, Lawyer Zhao Zhengbin from Beijing Haowei Law Firm suggests that companies should establish a three-level investigation authority mechanism. This mechanism stipulates that primary investigations can access public work records, intermediate investigations require approval from the legal department, and senior investigations must obtain written authorization from the supervisory board and notify the investigated party. Through this mechanism, a certain technology company successfully increased its verification rate from 4.3% to 21%, while avoiding the risk of privacy litigation. Other suggestions include: companies should clearly stipulate in their employee manuals that work equipment has no privacy expectations, follow the "minimum necessary principle" during the investigation process, ensure that only necessary information is monitored, and avoid potential risks caused by comprehensive monitoring. When handling major cases, it is recommended that companies hire third-party audit firms to intervene to ensure the compliance and fairness of the investigation process.