home
A national forum and fostering arena for those with
expertise in fraud prevention, detection and investigation.
MEMBER/AFFILIATE SIGN-IN


password reminder
0
Media Centre :: Articles ::

Embezzling Your Way to Riches

Denis Desnoyers

Movie and rock stars have a new word to describe affluence, success, sex appeal and being part of the in crowd. It is called "bling bling". The media and social disjointedness culminate to create a malaise of self centeredness which steers people into a confusing environment. Everyone, it seems, wants their share of bling bling. For the over whelming majority of us, reality involves working hard and domestic responsibilities, neither of which afford us the opportunity to strut our way around town. Unfortunately, there is an increasingly large group of individuals whose questionable morals and strong desire to live the dream life allows them to justify actions which the rest of us would deem as embezzlement.

As the culture of affluence evolves so does the culture of embezzlement. Two out of every five businesses are defrauded every year. Most of those frauds are committed by the companies' own employees and half are discovered by chance. Needless to say, frauds are bad for business, not only in terms of the financial loss they represent and disruptions to operations but also the impact on revenues caused by a negative image in the market place. More often than not it makes better business sense to have an employee depart quietly than to have a public criminal trial.

There are instances however where cases of embezzlement should be reported to authorities. Government departments are publicly accountable and must report matters suspected of being criminal in nature. Many companies have similar policies. These tend to apply to low level employees where the size of the fraud is small and the risk of market place impact is minimal because the media will not cover minor incidents. Outside pressures may also play a role in involving the authorities.

This article focuses on the relationship between industry and the police as it pertains to embezzlement. Gone are the days when a company could simply report a case of fraud and walk away expecting the police to gather all of the evidence needed to prosecute. In noting that fraud is big business for industry, it should also be noted that there are no shortages of frauds. The police are not on a crusade to solve all crimes. Police work has become a business in itself. Police managers must contend with limited budgets and personnel as they decide which area to focus on. A number of issues must be addressed and this starts long before a complaint is made or an offence is detected.

Prevention is invaluable in lessening the chances a fraud will occur by bringing about a culture of moral responsibility. Here are the corner stones of healthy business practices:

  • regular internal and external audits and reviews
  • good corporate morals
  • good records and controls
  • proper orientation training
  • strong enforcement policies
  • clear roles and responsibilities
  • close monitoring of costs
  • monitoring employees' activities
  • checking the background and reference of job applicants.
  • exercise due diligence when dealing with unfamiliar clients and suppliers or when anyone uses a mail drops for address (e.g. P.O. boxes)

Furthermore, employers should recognize red flags such as employees who:

  • turn down promotions
  • take no holidays
  • refuse to have someone else assume their responsibilities while they are away
  • appear to be living beyond their means
  • have substance abuse problems
  • are able to rationalize breaking company rules

When breaches do occur, and in the life of any business they will, what should be done? Revisit the above prevention practices? Absolutely. Conduct a directed audit or review of the problem area and report the findings to the police? Well, yes and no. Any audit undertaken for administrative reasons will be of limited use to police. Administrative audits are valuable tools for management decision making process and for adapting business practices. Ideally, a criminal investigation should not stand in the way of resolving the administrative process in a normal fashion, i.e. disciplining or dismissing an employee. An administrative audit is an administrative tool. It focuses on what should have been done and what can be done. Breaching rules may be perceived as morally criminal by those who adhere to company policy. However, it is not legally criminal. In particular, the following are not criminal in nature:

  • stupidity
  • bad decisions
  • rumours
  • personality conflicts
  • human error
  • breach of contract
  • incompetence
  • arrogance
  • speculation
  • popularity contests
  • civil disputes
  • red flags

What is the definition of a criminal fraud? There are two important elements which must be proven; the criminal act and the criminal intent. R. vs ZLATIC tells us that police must show the that prohibited act, be an act of deceit, a falsehood or some other fraudulent means; and deprivation caused by the prohibited act, which may consist in actual loss or place of the victim's pecuniary interest at risk. In most fraud case cases, proving the criminal act is the easy part. By its very nature, frauds require some form of paper work which serves to corroborate witness evidence. Proving criminal intent is much more difficult and is the first consideration for defence attorney strategies. Turning once again to case law, R vs ZLATIC tells us that the police must show that the subjective knowledge of the prohibited act; and subjective knowledge that the prohibited act could have as a consequence the deprivation (putting at risk) another's pecuniary interest. Establishing criminal intent can be done by showing that the alleged offender:

  • had the proper education and training
  • knew the proper procedures and had repeatedly performed them
  • had a duty to be accurate
  • made efforts to conceal records
  • destroyed evidence
  • make false statements
  • solicited others to provide false testimony
  • obstructed efforts to find the truth
  • converted benefit for personal gains
  • had records of "borrowing"
  • made tacit admissions

Reporting to police events associated to a fraud routinely takes the form of an audit report. From a police perspective, administrative audits reports can be divided into three parts: the administrative portion, the grey portion and the criminal interest portion. The administrative portion identifies procedures that were properly followed. The grey portion describes areas where administrative procedures were not followed. The first two portions are not criminal in nature, and as such are of no particular interest to the police. The third and smallest area describes events which may be criminal in nature and require further investigation.

Due to limited resources, most police agencies have adopted a selection criteria to assess what is in the public's interest and to select which fraud cases will be accepted for investigation. Among the areas considered are:

  • whether or not the complaint falls within the police agency's jurisdiction
  • the extent of organized crime involved
  • the scope of the offence, i.e. local, national, international
  • the level of public interest
  • the age of the offence
  • whether or not restitution has been made
  • the dollar amount of the fraud
  • the ease of gathering evidence
  • the cost of conducting the investigation

The last three points are particularly important to corporate security investigators. When police review an audit report, they break it up into the areas noted above. The amount of the fraud considered is limited to the small criminal portion of the audit report. In fact an audit report is not required in all cases. The complaint forwarded to the police should be in written form and must contain a number of critical elements not the least of which is to demonstrate that a nexus of criminality exist. The complainant must identify the problem and indicate what documents exist to corroborate the facts. Copies of corroborating documents should be attached as appendixes. The original documents should be secured and their continuity recorded and made available to the assigned police investigator. The detailed complaint must include the five "Ws" and the how of report writing, i.e. who, what, where, when, why, and how. In effect, the detailed complaint becomes the company's witness statement and the author of the complaint is the person who will take the stand in court to testify as to the contents of the complaint. It is important for companies to be aware that once a complaint is made, the criminal investigation is independent from business and political considerations. Likewise, once charges are laid, the Crown Prosecutor's office assumes control of the case. If required, company employees may be compelled to testify in court.

Once the complaint is in the police agency's hands they will assess the contents of the complaint based on their selection criteria. The quality and organization of the written complaint will have an impact on the police agency's decision to proceed with an investigation. The major steps police agencies take to investigate are to:

  1. analyze the available data
  2. look for pattern
  3. create a hypothesis
  4. test their hypothesis
  5. identify specific Criminal Code Offence(s)
  6. gather the elements needed to prove the offence
  7. articulate the results in writing and present the case to the Crown Attorney's office

The above provides a rough guideline of the stages involved in an internal company fraud from detection to prosecution. In noting that fraud is big business for industry and police, there are several additional issues to contend with. Depending on the circumstance of a situation it may be prudent to stop an internal investigation in order to preserve criminal evidence. For instance, if the internal investigation has progressed to the point where criminal acts are suspected, trying to reconcile irregularities with the suspected employee will afford that employee an opportunity to destroy evidence and develop an alibi. If, on the other hand, the employee has been removed from his/her work environment and there is no possibility of compromising physical evidence, this becomes less of a concern. In situations were the offence is ongoing, the police catching the employee in the act is excellent evidence. What is paramount, however, is that the hemorrhaging of company funds cease. Successful prosecutions are never guaranteed whereas limiting a company's financial losses can be preserved. The reverse could result in killing the patient to cure the disease.

At some point in the course of events, an employee may make an admission of their involvement in an internal fraud. At some point in the reconciliation process, the internal investigator or auditor will want to interview employees and there will be occasions when employees make tacit admissions. Company policies determine how such an admission can be used in the administrative disciplinary process. If the admission was unsolicited and made to a co-worker, it can be relied upon without prejudice, however if it is made to a superior, an auditor or an internal investigator, certain policies may apply. For instance, a union representative or other representative may need to be present. Contrary to common belief, these admissions cannot always be used in the criminal process. When police officers take statements from suspects they must caution the person that anything said by them can be used as evidence and that they are under no obligation to provide a statement. The police are deemed to be persons of authority. Likewise, supervisors, auditors and internal investigators can be deemed to be persons of authority in the eye of the criminal courts; therefore, the same statement-taking rules apply. Only when there is a voluntary admission to a superior by an employee who has had their right to counsel and caution explained to them can that admission later be used in the criminal process.

In this age of privacy laws, companies have become reluctant to give information to police for fear of civil liability. This creates a dilemma for some companies. They must balance the decision to report a possible offence with the requirement to protect employees' and clients' privacy. Bad precedence has been set by some companies who request police obtain search warrants to obtain company records associated to their own fraud complaint. Search warrants require reasonable and probable grounds to believe a criminal offence has occurred. In the initial phases of a police investigation these grounds are tenuous. There is a real possibility that police agencies will turn to other cases which be easier to prove. Under Common Law authority there is no hindrance to giving documents to the police. In a case where a residence has been robbed, the police attend the scene of the crime, view the damage, attempt to gather physical evidence and ask the homeowner for a list of missing items. Without a solid base confirming that an offence has been committed the investigation will be flawed. Under Common Law authority complainants and victims can provide whatever information the police require without fear of retribution. Going to the crime scene of a company fraud does not reveal obvious clues. The police need company representatives to demonstrate how the criminal offence occurred.

There are two exceptions on how far a company can go in providing information to the police. Providing information that already exists or summaries of information that already exist is not an issue. However, an employer must refrain from becoming police agents without being fully informed of the implications. An example of an employer becoming a police agent would be if an employer were instructed by the police to meet a supplier to accept an envelope full of cash as part of a kick back scheme. The second exception is where the employee has a reasonable expectation of privacy. This may apply for example if the employee had personal files in his/her company computer and the company's policy on ownership of the data contained in the computer was not clear. Likewise, an argument could be made that an employee had an expectation of privacy in relation to the contents of the drawers in the immediate vicinity of the employee's work area. An area where there is no expectation of privacy is the company's working papers, i.e. invoices, contracts, client records or the employees' overtime and expense claims. It is always good policy to have the company's privacy policy clearly stated, in writing and easily visible (in the policy manuals and/or visible when starting up company computers). This will go a long way in elevating obstacles when problems arise.

Company policies can place an obligation on employees to answer questions from an internal investigator. Contracts can require suppliers to maintain records for several years and produce those records upon request by the company. Furthermore, some businesses may have statutory powers which authorize them to carry out their affairs. All of these avenues serve to advance internal investigations. They do not represent pit falls if they are used for their intended purpose, however, in R. vs JARVIS the courts tells us that to use these types of powers to advance a criminal investigation would result in an abuse of process if used after the matter has been reported to the police for prosecution. Any evidence derived from this type of process would be rejected as would any future evidence stemming from the abuse. In legal circles this is referred to as the fruit of the poison tree. It is important to distinguish the exact point where criminal activity was suspected. If administrative powers were used prior to criminal activity being noted there are no issues with making a report to the police and relaying on all the information gathered. Once the complaint has been made to the police the administrative powers cannot be used to advance the criminal investigation. The administrative process can continue; however, limits must be placed on what information can be shared with the police. The worst case scenario is for an administrative process to advance while a criminal offence is suspected but with no reporting of the incident to police until well after significant "administrative powers" information has been obtained (someone inside the company is trying to do the criminal investigation before turning the matter over to the police). If the police continue the investigation based on that set of evidence, the case can easily collapse at a later stage when substantial resources have been expended. An abuse of process can also result in situations where the employer threatens to report the matter to the police if the employee does not quit or pay restitution.

As private and public police agencies become increasingly burdened with internal frauds, they are also facing an increasingly complex environment to work in. Frauds are no longer the domain of the general investigator. Specialization and communication is required by industry and police to meet the challenges which lay ahead. Instead of throwing the police a bone to chew on, industry is now compelled to serve the police on a silver platter. This is not to deride the police, but to indicate that a new era of professionalism has arrived.