In Spain, forensic accounting is systematically associated with courtrooms: the accounting expert who testifies in criminal proceedings, the court-appointed specialist who quantifies financial harm. That image, while legitimate, covers only a fraction of what forensic financial investigation can do for a business. In English-speaking markets — where forensic accounting has been established as an independent corporate service for decades — organisations use it proactively: to detect fraud before it crystallises into loss, to protect an acquisition, to handle internal reports without escalating to the courts, and to build the control record that Article 31 bis of Spain's Penal Code demands.
This guide explains what corporate forensic accounting is, how it differs from judicial expert work, when it is indispensable and how an engagement of this kind is structured within the Spanish regulatory framework.
Corporate forensic accounting versus judicial expert testimony: the distinction that matters
Judicial expert testimony is reactive by definition. It is triggered when a conflict already exists — a lawsuit, a criminal complaint, an arbitration — and its function is to provide the tribunal or arbitrator with a technically grounded opinion on accounting or financial questions beyond the adjudicator’s knowledge. The expert may be court-appointed or party-appointed; in either case, the report is subject to cross-examination in court and its author may be called to ratify it.
Corporate forensic accounting is, by contrast, a risk management service. Its client is not a court but a Board of Directors, an Audit Committee, a buyer conducting M&A due diligence, or a compliance officer managing a report received through the ethics channel. Its objectives are: to establish the facts with sufficient certainty for well-founded business decisions, to quantify the economic impact of an irregularity, to identify the control weaknesses that allowed it to occur, and — only if the facts warrant it — to prepare the documentation for subsequent legal action.
The practical difference is material. A company that detects fraud warning signs and commissions an internal forensic investigation before filing a complaint is in a far stronger procedural position — and avoids mistakes such as alerting the suspected perpetrator, destroying evidence or filing premature complaints that cannot be sustained — than a company that goes directly to the courts with undocumented suspicions.
Five scenarios in which companies need forensic accounting
1. Forensic due diligence in M&A transactions
Standard financial due diligence analyses audited financial statements, normalises EBITDA and verifies net financial debt. What it does not systematically detect are irregularities concealed within the vendor’s accounting: premature revenue recognition to inflate the valuation, related-party transactions at non-market prices that distort recurring profit, fictitious invoicing to customers who are in fact companies controlled by the vendor, or payments to non-existent suppliers that reduce the tax base at the expense of stripping the company’s assets.
Forensic due diligence — run in parallel with standard financial due diligence — applies transactional analysis techniques to the vendor’s complete accounting database. Instead of reviewing samples, it analyses every journal entry. It applies Benford’s Law to detect invented figures. It cross-references the supplier master file against the commercial register to verify that counterparties exist and are operational. It identifies anomalous invoicing patterns — amounts just below approval thresholds, unusual frequency of credit notes, concentration of transactions in the closing days of the financial year — that a conventional document review would miss.
The cost of forensic due diligence is small relative to the risk it mitigates. A valuation error based on revenues artificially inflated by 15% on a company with €3 million EBITDA and a 7x multiple represents an overpayment of more than €3 million.
2. Internal investigation following a whistleblower report
Law 2/2023 of 20 February, governing the protection of persons reporting regulatory breaches and combating corruption — the Spanish transposition of Whistleblowing Directive 2019/1937 — requires companies with 50 or more employees to maintain an operational internal reporting channel. A report received through that channel — or any other route — alleging financial irregularities triggers a set of obligations for the company: investigate the facts diligently, protect the reporter from retaliation and document both the process and the outcome.
The investigation cannot be conducted by personnel who report hierarchically to the person under suspicion, nor by the internal control department if it reports to whoever is being investigated. Engaging an external forensic team — with demonstrable independence from all parties — is the only route that protects the company against claims by the subject of the investigation (for violation of privacy rights or procedural guarantees) and against claims by the whistleblower (for non-compliance with the whistleblower protection law).
The external forensic team documents the chain of custody of digital evidence, conducts interviews following protocols that allow their use as evidence or as the basis for disciplinary proceedings, and issues a report that the governing body can present before any authority — the shareholders’ meeting, the AEAT (tax authority), the Public Prosecutor or a court — with full guarantees of independence.
3. Shareholder disputes and corporate governance conflicts
Corporate conflicts — challenge of resolutions, shareholder exclusion, liability claims against directors — frequently have a financial dimension requiring independent forensic investigation. Have directors withdrawn company funds through undisclosed related-party transactions? Have they diverted business opportunities to entities they own? Have they manipulated the accounts to artificially reduce the book value of a minority shareholder’s stake in order to force them out?
These questions are not answered by a standard audit. The auditor verifies that the annual accounts present a true and fair view; they do not investigate whether the underlying transactions serve spurious interests. Forensic analysis starts from the hypothesis of irregularity, accesses the supporting documentation, reconstructs the actual cash flows and quantifies the harm suffered by the affected shareholder with the precision that a liability claim against directors under Article 236 of Spain’s Companies Act (Ley de Sociedades de Capital) requires.
4. AML/anti-money laundering investigations — regulatory requirement or preventive action
Law 10/2010 of 28 April on the prevention of money laundering and terrorist financing — amended on multiple occasions and implemented by Royal Decree 304/2014 — imposes on obliged entities (including tax advisers, auditors, notaries, real estate developers, financial institutions and lawyers conducting certain transactions) an obligation to apply enhanced due diligence to high-risk transactions.
When a company detects within its supply chain, customer base or corporate structure AML risk signals — counterparties with presence in non-cooperative jurisdictions, opaque ownership structures, cash transactions above legal thresholds, unexplained variations in business volumes — a forensic financial investigation allows the company to establish rigorously whether a genuine money laundering exposure exists or whether the anomalies have a legitimate, documentable explanation.
This type of preventive investigation — before an inspection by SEPBLAC (Spain’s anti-money laundering supervisor) or the AEAT — allows the company to demonstrate effective due diligence, reduce regulatory exposure and, where necessary, file suspicious transaction reports with the solid factual basis that Article 18 of Law 10/2010 requires, without incurring the risk of a reckless or unfounded report.
5. Post-acquisition financial reconstruction
Post-closing surprises are one of the most costly risks in M&A. When an acquired company delivers, in its first months under new management, results substantially below projections, the first step is to distinguish between genuine operational deterioration and pre-existing accounting manipulation that standard due diligence failed to detect.
Forensic financial reconstruction analyses the acquired company’s accounts year by year, identifies the adjustments that should have been made under a strict true and fair view standard, and quantifies the difference between the financial statements presented by the vendor and the actual financial position. If the difference exceeds the thresholds agreed in the price adjustment or warranty clauses of the purchase agreement, the forensic report is the technical basis for activating those clauses or pursuing a contractual or tortious liability claim against the vendor.
Methodology: how a corporate forensic investigation is structured
A professional forensic investigation follows a methodology that preserves the validity of evidence and the independence of the team under any subsequent scenario — including judicial proceedings if the facts require it.
Scope definition and evidence preservation. The first action, before any analysis, is to secure relevant digital and documentary evidence in its original state: forensic imaging of the affected computer systems with cryptographic hash generation that certifies data integrity, preservation of emails and communications, and restricted access to the accounts for the period under investigation to prevent alteration. This phase is critical: evidence obtained without an adequate chain of custody is inadmissible in court.
Transactional analysis of accounting data. The technical core of the investigation. Work is conducted on the complete database of the company’s ERP system — not on aggregated financial statements — and data analysis tools are applied to identify anomalous patterns: journal entries recorded outside working hours or on public holidays, related-party transactions at off-market prices, duplicate supplier invoices, unusual concentration of transactions around the year-end, or unjustified variations in margins by product line or customer.
Benford’s Law analysis. This mathematical law describes the statistical distribution of the first digit in numerical sequences of natural origin (invoices, contract amounts, bank transactions). Any set of invented or manipulated figures tends to deviate from this distribution in a statistically significant way. Benford analysis is a first-level detection tool that directs the investigation towards the areas of greatest risk.
Document review and structured interviews. Numerical evidence is supplemented by review of supporting documentation: contracts, delivery notes, correspondence, internal approvals. Interviews with key individuals — managers, heads of department, finance staff — follow structured protocols that ensure their usefulness in subsequent proceedings and minimise the risk of interviewees altering or destroying additional evidence.
Digital forensics. When the investigation points to deliberate manipulation of computer records, digital forensic analysis recovers deleted files, reconstructs the modification history of documents and emails, and establishes the authorship of specific computer actions through access logs and file metadata.
Executive and expert report. The findings are documented at two levels: an executive report for the Board or Audit Committee — oriented towards decision-making — and a detailed technical report that can be presented before any judicial or regulatory authority. The report quantifies the harm caused, identifies those responsible to the level of certainty achieved, describes the control weaknesses that allowed the irregularity and recommends the corrective measures the company must adopt.
The Spanish legal framework
Corporate forensic accounting operates at the intersection of several statutes that every investigation team must know precisely:
Penal Code, Article 31 bis. Regulates the criminal liability of legal entities for offences committed on their behalf and for their benefit by their representatives, directors or employees. The exemption requires the company to demonstrate the prior existence of an organisational and management model with effective prevention and control measures. A well-documented forensic investigation — demonstrating that the company detected the irregularity, investigated diligently and adopted corrective measures — is a central element of that defence.
Law 10/2010 on the prevention of money laundering. Imposes on obliged entities a system of continuous due diligence on clients and transactions. Forensic investigations with an AML component must align with the procedures and thresholds established by this law and by SEPBLAC’s guidelines.
Law 2/2023 on the whistleblowing channel. Establishes the requirements of the internal investigation process for reported concerns: investigator independence, response timelines to the reporter (acknowledgement within seven days, substantive response within three months), confidentiality and prohibition of retaliation.
Penal Code, Article 290. Makes deliberate falsification of annual accounts a criminal offence. Forensic investigations that detect such conduct must be documented with sufficient rigour to support, where appropriate, a criminal complaint under this provision.
Civil Procedure Act (LEC), Articles 335-352. Regulate the judicial expert and the requirements for an expert report. Although the initial engagement is corporate, if the investigation leads to judicial proceedings the forensic report must comply with these requirements to be admissible as evidence.
Anonymised case study: forensic due diligence that prevented a €1.8 million loss
A Spanish industrial group — a manufacturer of components for the automotive sector, operating three plants — initiated in the third quarter of 2024 the acquisition of a strategic supplier with whom it had maintained a commercial relationship for over eight years. Standard financial due diligence concluded that the candidate’s adjusted EBITDA was €2.4 million, with a proposed acquisition multiple of 7.5x — a purchase price of €18 million.
The buyer’s Audit Committee, which had had prior access to the candidate’s financial statements through the commercial relationship, noted that the gross margin had increased 4.8 percentage points over the two most recent financial years without any meaningful investment in processes or technology. It commissioned a parallel forensic due diligence from BMC’s corporate advisory team.
Transactional analysis of the complete accounting database — over 340,000 journal entries across the three most recent financial years — identified a systematic pattern: invoices from two logistics services suppliers whose VAT numbers did not appear in the commercial register, with aggregate amounts of €1.8 million over twenty-seven months. Benford’s Law analysis showed an anomalous first-digit distribution in the purchase invoices for that period, consistent with invented or manipulated figures. Cross-referencing the supplier master file against beneficial ownership data revealed that the directors of both companies — incorporated in the year prior to the start of the commercial relationship — shared a registered address with the candidate’s chief financial officer.
The forensic report, issued three weeks before the planned closing date, enabled the buyer to: (1) renegotiate the price downward by €2.1 million, reflecting both the elimination of fictitious EBITDA and the associated tax contingency; (2) include a price retention clause in the contract conditional on the outcome of a tax inspection communicated to the AEAT; and (3) replace the candidate’s CFO within one hundred days of closing as a condition for earn-out payment.
The cost of the forensic due diligence engagement was €28,000. The quantified saving on the purchase price: €2.1 million.
How BMC approaches corporate forensic accounting
BMC’s defining characteristic is multidisciplinary integration. A forensic investigation that covers only the accounting dimension — without legal analysis of the criminal implications, without tax assessment of the contingencies identified, without evaluation of the employment law consequences for those involved — is an incomplete investigation that can leave the company in a more exposed position than before.
At BMC, the forensic team natively integrates professionals from corporate advisory, criminal and corporate law, taxation and AML compliance. This structure means that the same engagement covers, without gaps, the factual investigation, the quantification of harm, the assessment of the company’s criminal exposure under Article 31 bis, the valuation of tax contingencies and advice on the disciplinary and organisational measures the company must take.
The international dimension is equally relevant for groups operating across multiple countries. Modern fraud structures rarely stay within a single jurisdiction: fund diversion typically involves accounts in low-tax jurisdictions, shell companies in third countries or intra-group transactions at artificial transfer prices. BMC’s team has coordination capacity with correspondents in the principal European jurisdictions and can manage cross-border information requests within the framework of international mutual legal assistance conventions.
Warning signs that must not be ignored
Companies that have suffered significant fraud share, in retrospect, a consistent pattern: the warning signs were present months or years before the fraud was detected, but nobody gave them the importance they deserved. The most frequent signals in the Spanish context:
- Unjustified variations in gross margins by product line, customer or cost centre, with no evident operational explanation.
- Suppliers whose invoiced volumes grow disproportionately relative to the growth of the business they ostensibly serve.
- Employees in positions with access to payment systems who systematically resist delegating tasks or taking extended leave.
- Discrepancies between accounting balances for customers and the balance confirmations those same customers send to the external auditor.
- Payments to suppliers with recently changed banking details, particularly where the change was not requested in writing by the counterparty.
- Directors who leave the company abruptly — especially if they negotiate their severance package quickly — in circumstances that do not fit the official narrative.
- Anonymous reports or customer complaints about unusual commercial practices that management tends to dismiss as misunderstandings.
None of these signals is conclusive in isolation. But the co-occurrence of two or more of them in the same period justifies at minimum a preliminary analytical review to establish whether a full forensic investigation is warranted.
When to act: the cost of inaction
Analysis of corporate fraud cases in Spain reveals a consistent pattern: the average period between the start of a fraud and its detection exceeds eighteen months. During that period, the fraud continues, the damage accumulates and the prospects of recovering the loss diminish as the suspected perpetrator consolidates their position or moves funds beyond the company’s reach.
Inaction in the face of warning signs is not a neutral posture. From the perspective of Article 31 bis of the Penal Code, a company that has control mechanisms in place but fails to activate them when it receives indications of irregularity — or that activates an internal investigation that does not follow adequate protocols — will struggle to demonstrate that it had an effective prevention system. Criminal liability of the legal entity may not be exculpable if the directors knew of the warning signs and did not act with the requisite diligence.
The right decision is not necessarily to commission a full forensic investigation in response to every anomaly. The first step is a consultation with a specialist team to calibrate the actual level of risk and determine what type of review — from a preliminary data analysis to a full forensic investigation — is proportionate to the available indications.
At BMC we can help you assess the situation and structure the appropriate response. See our corporate forensic accounting services.
