Before the Subpoena: Early Warning Signs of Financial Misconduct
By the time a subpoena arrives, the misconduct is usually years old — a string of accounting entries that never quite made sense, an auditor who was quietly pushed away, warnings that were explained away rather than investigated. This webinar unpacks what financial fraud looks like in the period before enforcement, and how compliance teams can recognize the earliest signals, control the narrative, and protect the organization.
Joah Park
Brand Manager & Media Producer, Lead Producer for The Ethicsverse

By the time a subpoena lands on the desk, the story is almost always over — the real events unfolded months or even years earlier, hidden inside accounting entries that never quite reconciled, an internal-audit flag that got explained away, or an external auditor who was quietly shown the door. This Ethicsverse session, hosted by Nick Gallo of Ethico, brought together three panelists who have seen financial misconduct from every angle: Leigha Simonton, a former U.S. Attorney for the Northern District of Texas now with Dykema; Tiffany Eggers, a twenty-year DOJ veteran and senior counsel at Dykema who spent most of her career prosecuting financial fraud; and Christina Gotsis, a CPA, CFE, and white-collar litigator whose experience includes work connected to the Madoff case. Together they examined how fraud actually develops inside organizations, what the earliest indicators look like from a forensic perspective, and what compliance teams should be doing in the fragile window before enforcement begins.
The unifying theme of the discussion is control — specifically, that the period before misconduct becomes public is the moment a company has the most power to shape its own outcome. Fraud rarely announces itself with a single smoking gun; it accumulates through a series of small anomalies that individually seem explainable but collectively reveal a pattern. The panel walked through how prosecutors reverse-engineer schemes after the fact, why isolating a wrongful actor early can position the company as a victim rather than a target, and how the discipline of documenting facts — not opinions — can preserve both privilege and narrative. Above all, the speakers reframed compliance as an enterprise-wide risk function that must have a line of sight into financial data and a culture in which raising a hand is safe and expected.
Key Takeaways
Enforcement Begins Long Before the Subpoena
Most people equate enforcement with the arrival of a subpoena, but the panel emphasized that it effectively begins months or years earlier, in the accumulation of small irregularities that were never connected.
The critical window is the period before an issue hits the news cycle or a regulator's radar, when the organization can still stay organized, understand what actually happened, and control the narrative before "the music stops."
By the time regulators arrive there is usually no single smoking gun — just a collection of missed signals, which is why getting a firm grasp on the facts early is the most important thing a compliance team can do.
Proactive Discovery Lets You Isolate the Threat
When a company uncovers potential fraud before regulators do, it gains the ability to isolate the wrongful actor and build distance between the individual and the organization.
Done well, this positions the company as one of the victims rather than the wrongdoer, and preserves options ranging from civil litigation against the bad actor to criminal referral to state or federal authorities.
The panelists stressed that companies who contact counsel after proactively spotting something suspicious — but before receiving anything from the government — have by far the widest range of strategic choices available to them.
Missed Red Flags Are the Recurring Through-Line
In nearly every major fraud the panel handled, the red flags were present all along: an external auditor who refused to sign off and was replaced, warning emails that went unread, and employees who raised concerns that were not taken seriously.
These ignored signals are frequently what transforms a matter from a civil "nothing to see here" posture into a criminal case, and in several instances sent C-suite executives to prison.
Prosecutors often build a simple timeline exhibit showing when leadership was notified and that nothing was done — a single page that can establish there is a significant problem.
Loop In Counsel Early to Protect Privilege
When a company hires an investigator on its own, that investigator's work product is generally not protected and becomes a discoverable business record that regulators can obtain.
Bringing in counsel first — and having counsel engage the investigator — helps preserve attorney-client privilege and work-product protections from the outset of an investigation.
The panel cautioned against looping in more people than necessary or letting them exchange informal, "loosey-goosey" emails that can lock the company into an early narrative or create damaging documents that would not otherwise exist.
Follow the Financial Data Where the Dollars Live
Absent an insider whistleblower, the government most often catches fraud by analyzing financial data — public filings and data supplied to regulators — and then pulling on the thread once something looks irregular.
Compliance officers should have a direct line of sight into financial records and an open channel to the CFO and finance function, rather than being hemmed in and cut off from the people who hold the data.
Monitoring can be augmented with AI platforms or dedicated reviewers to surface red-flag indicators, but the essential requirement is simply having visibility into the numbers, down to anomalies as granular as an employee's unexplained expense charges.
Compliance Is the Entire Company's Job
The compliance department may be only a handful of people, but detection depends on the whole organization, which requires an easy, trusted route for employees to raise concerns without fear of being ostracized.
Reporting tools such as hotlines and disclosure systems should be reframed from narrow "compliance tools" into enterprise-wide risk-management channels that any high-integrity employee feels comfortable using.
Just as important is education for employees outside compliance, so the entire company understands what compliance does, why it matters, and how to recognize and escalate something that does not look right.
Document the Facts, Not the Opinions
Every document should be written as though it will one day be shown in a court proceeding or produced to the government, which means recording facts formally rather than speculation or emotionally charged opinions.
The panel distinguished deliberate documentation of key steps — preservation notices, notifications to the right people — from harmful "stream of consciousness" updates generated needlessly throughout an investigation.
A practical discipline is to review the finished documentation from the perspective of a regulator or opposing counsel, rephrasing conclusions as facts ("her statement was inconsistent with this document" rather than "she lied") and noting what is missing, since gaps can be filled in with adverse intent.
Opportunity Is the Fraud-Triangle Lever You Control
Of the fraud triangle's three elements — pressure, opportunity, and rationalization — the panel agreed that opportunity is the one compliance teams can most directly influence through internal controls.
Even in a company of two or three people, someone is likely capable of embezzling, and cases like the Collins Street Bakery "fruitcake fraud" show how a well-liked, over-trusted employee with unchecked authority can steal for years undetected.
Pressure is also addressable through culture: constant demands to hit earnings targets or quotas feed misconduct, so leaders should take the temperature of the organization by seeking candid feedback from people on the ground, not just managers.
Early Warning Signs Reveal Themselves as Patterns
Individually, an odd accounting entry or an audit question that got explained away does not prove fraud — but repeated over time, these become the raw material of a scheme.
Recurring indicators include transactions that fall just below approval thresholds, journal entries with vague explanations, chronically delayed reconciliations, and controls that are repeatedly overridden, especially once they harden into "that's just how we do things."
The panel urged a posture of disciplined suspicion — assume a credible report is true until it is disproven rather than explaining it away — while treating AI carefully, since informal tools can be inaccurate and discoverable, and counsel should be involved before AI is used in an investigation.
Practice with Tabletops and Keep Counsel on Standby
Running tabletop exercises — including both "nothing burger" scenarios and genuinely significant ones — builds the muscle memory teams need to distinguish noise from a real issue and to know how to document it when the moment arrives.
These rehearsals double as culture-building, creating a space where employees feel comfortable sharing concerns and see management actively listening.
The panel strongly recommended keeping a specialist attorney on standby who already understands the business and its risks, so the organization is not scrambling to find help in the middle of a crisis.
Process, Not Perfection, Is How You're Judged
Companies do not get credit for being perfect; they get credit for having a thoughtful process — investigating appropriately, taking corrective action, and documenting decisions as they are made.
Prosecutors and auditors are far more sympathetic to an organization that had effective controls, ran enterprise risk assessments, and reasonably concluded a matter was nothing, even if that conclusion later proved wrong.
A company can only see what it has visibility into, so the enduring test is reasonableness of process — whether the program should have caught the problem — not whether the company got every judgment right.
Closing Summary
The core lesson of this session is that the most consequential moments in a financial-misconduct matter happen long before any subpoena, in the quiet accumulation of anomalies that a disciplined organization can still see, investigate, and act upon. The panelists — drawing on decades of prosecution, defense, and forensic accounting experience — returned again and again to a few durable principles: watch the data, treat compliance as everyone's responsibility, isolate the wrongful actor to protect the company, and document facts rather than opinions with an eye toward how a regulator will one day read them. Just as important is the human infrastructure around detection: a culture where raising a hand is safe, controls that actually work rather than merely exist, tabletop rehearsals that build muscle memory, and trusted counsel on standby before a crisis hits. For ethics and compliance professionals, the takeaway is both reassuring and demanding — you will not be judged on perfection, but on the reasonableness of your process, which means the work of building that process must happen now, in the calm before the subpoena, rather than in the chaos that follows it.
Enjoyed this article?
Subscribe to our newsletter for more insights on ethics and compliance.
View All Articles