Subscribe to PLMJ’s newsletters to receive the most up-to-date legal insights and our invitations to exclusive events.
We are looking for people who aim to go further and face the future with confidence.
Subscribe to PLMJ’s newsletters to receive the most up-to-date legal insights and our invitations to exclusive events.
We are looking for people who aim to go further and face the future with confidence.
PLMJ’s Internal Investigations practice is dedicated to helping organisations identify, understand and address allegations of misconduct that could impact their business operations or reputation.
. In the current climate of increasing scrutiny and regulatory complexity, driven by legislative developments in areas such as anti-corruption, whistleblowing, harassment, data protection and cybersecurity, having appropriate internal processes in place is essential. These processes must be capable of detecting and resolving issues before they escalate. Our Internal Investigations team empowers leadership teams to respond strategically to crises, mitigate legal and reputational risks, and demonstrate accountability to stakeholders.
Internal investigations involve a thorough and confidential analysis of potential irregularities within a company. Irregularities may include fraud, corruption, harassment, regulatory breaches, security incidents or compliance failures. Such investigations are often launched in response to employee reports, compliance alerts, requests for information, preliminary inquiries, regulatory inquiries or shareholder demands. Our aim is to establish the facts, assess risks, and provide practical recommendations that will protect the organisation. This process culminates in the preparation of a final report, which documents the methodology, conclusions, and recommended corrective measures.
Our highly qualified, multidisciplinary team has extensive experience in various legal fields, compliance, risk management and corporate governance. We work with forensic experts specialising in various scientific disciplines to deliver comprehensive, integrated solutions that can address any specific type of investigation and meet the needs of key economic sectors.
We act with the necessary speed, focus and pragmatism. However, we also proceed with the necessary rigour and care to avoid disrupting day-to-day operations and safeguard subsequent steps. These steps may include complaints to the relevant authorities, legal proceedings or disciplinary actions.
We support our clients from the preliminary stage of the investigation. We define its scope in compliance with legal requirements regarding employment and personal data protection. We also analyse the tools used to collect and analyse information, paying particular attention to those based on artificial intelligence. This approach ensures the validity and admissibility of evidence, as well as the lawfulness of our actions.
When working with boards of directors, audit committees or executive teams, we provide independent and objective analysis to support informed decision-making and safeguard organisational integrity.
Our team provides specialist services to clients conducting workplace misconduct investigations. Our aim is to protect the organisation’s interests and maintain a responsible, healthy and productive working environment.
We are experienced in dealing with the various issues that arise in the context of internal workplace investigations. These include the importance and challenges associated with the investigator’s role, selecting the person responsible for the investigation and ensuring independence. We also assist with defining the scope and terms of reference, as well as matters relating to legal privilege, disclosure of information, cybersecurity and data protection.
In many jurisdictions, including Portugal, regulatory issues arise, such as due diligence obligations and ESG reporting. These make workplace culture and environment critical factors that must be consciously managed as a risk dimension.
At PLMJ, we carry out rigorous investigations into legitimate reports received from employees, suppliers and other stakeholders through the whistleblowing channel or any other means. Our investigations enable our clients to create action plans to ensure compliance with the necessary standards and best practices, helping them address internal threats and avoid or manage external interventions and investigations effectively.
Companies operating in sectors with complex regulatory frameworks, such as financial services, healthcare, energy and global trade, are required to adhere to strict reporting, supervision and compliance standards.
Where there is credible suspicion of irregularities, organisations have a legal obligation to promptly address these concerns and launch an internal investigation.
Furthermore, beyond legal obligations, stakeholders demand transparency and accountability from organisations and their leadership. There is also a real and significant cost to organisations that are subject to such conduct, or where it occurs within their ranks. Failing to properly investigate internal matters can result in legal liability, significant reputational damage, a loss of competitiveness, and difficulties accessing finance. Compliance is not merely a procedure. It is a fundamental element of the overall risk management strategy. Pursuing fraud and corruption is now an obligation as well as a safeguard for organisations.
As the European regulatory framework has evolved from the GDPR to the NIS 2 Directive and the DORA Regulation, cybersecurity and risk management have become central to organisational governance.
This is particularly true in critical sectors such as energy, transport, banking, digital infrastructure, healthcare and manufacturing.
Information security, confidentiality, data protection and trade secrets are cross-cutting issues for any company, and incidents can cause significant damage and jeopardise business continuity.
Our team supports the implementation of procedures and the drafting of internal policies, including internal reporting, supply chain management and procurement. We have extensive experience in personal data protection and are familiar with the new legal frameworks that apply.
We also support the management of incidents or suspected incidents. Our team applies the relevant legislation, identifies notification obligations and prepares the necessary documentation for communicating with the relevant authorities. This covers both cybersecurity and data protection matters, as well as dealing with sector-specific regulators.
We conduct internal investigations in the context of incidents, suspected breaches, and assessments of compliance with internal policies. Where applicable, we incorporate disciplinary and criminal perspectives. We also carry out incident simulations and audits to test response plans and identify vulnerabilities.
In addition, we provide support in the post-incident phase, including handling any resulting litigation. This includes civil liability claims, disputes with suppliers or customers, and potential class actions. We lead recovery processes and internal reviews to identify lessons learnt, with a view to continuously improving procedures and strengthening the organisation’s resilience.
We conduct internal investigations to help organisations anticipate or respond to intervention by various regulatory bodies across a wide range of sectors.
We provide services to help organisations navigate legal challenges associated with such interventions, conducting investigations to identify potential irregularities and anticipate liability. This allows companies to act prudently and, if necessary, participate in leniency programmes that safeguard their reputation as responsible entities.
We also support clients in preparing for and responding to investigations by government regulators, ensuring they understand the legal requirements and risks involved. If formal investigations are opened, we can represent clients in their defence in proceedings conducted by government bodies.
The implementation of emerging technologies, such as artificial intelligence systems, can pose risks relating to the protection of personal data and the presence of algorithmic biases that could result in unlawful discrimination and harm to consumers.
These risks can also lead to financial or reputational damage to the organisation itself. In this context, our team conducts internal investigations to assess how well the digital solutions adopted comply with the applicable regulatory framework, including the GDPR, the Artificial Intelligence Act, and other sector-specific legislation.
Our integrated approach combines legal, technical, and risk management expertise to identify compliance gaps, evaluate exposure to regulatory sanctions, and propose suitable remedial actions. We collaborate closely with our clients’ technology, compliance, and management teams to ensure that digital tools respect users' fundamental rights, promote algorithmic transparency, and comply with reporting obligations and human oversight requirements.
We also support our clients in the post-investigation phase by assisting with the implementation of identified recommendations, updating internal policies and preparing for potential regulatory enforcement actions or litigation.
Corporate security investigations are designed to protect organisations' assets and operations.
In today’s increasingly complex and globalised business environment, companies face a wide range of threats. These include industrial espionage, intellectual property theft, internal sabotage and bribery and corruption within supply chains. Our team conducts thorough investigations to identify vulnerabilities, detect unlawful conduct, and safeguard our clients’ operational continuity.
We provide comprehensive advice on matters such as analysing suspicious transactions, investigating conflicts of interest, and assessing risks in merger and acquisition transactions. Our approach combines forensic investigation methodologies with specialist legal expertise. This enables us to establish the facts with precision and advise clients on the legal implications and strategies for damage mitigation. We help organisations protect their assets, safeguard their reputation and maintain the trust of investors, clients and other stakeholders.