An investigation showed that one of the employees of the company’s branch sent information about the ongoing tender to an external email belonging to an unknown user
The results of the monitoring revealed that the employee was ordered to send the document to this email address by his manager. He explained that he was out of town and could not login to the corporate mailbox, so he was going to receive an email sent to the private mailbox.
The risk management department had reason to believe that the manager plotted to leak the information that would make the company lose the $9-million tender. The information wasn't breached, because the risk management department was prudent to encrypt the document. However, the manager of the branch was dismissed.
Sometimes a violator is just a doer - someone who implements a malicious scenario of an initiator. Often these implementers are fraud victims who are told that what they are asked to do is a common task given by a manager. They have no idea of the purpose which the task was posed for.