Internal controls, culture help with prevention – but cautious investigations, appropriate discipline also important, say lawyers offering tips for HR
"You can never eliminate [fraud], but you can certainly minimize it significantly.,”
So, says David Milosevic, managing partner at Milosevic and Associates.
That statement rings especially true in light of a recent fraud case in Saskatchewan. Tony Dou, a former provincial government employee, was arrested on charges of money laundering and breach of trust by the Royal Canadian Mounted Police (RCMP).
According to the RCMP investigation, between April 2015 and July 2022, Dou fraudulently altered documents and accessed government databases without authorization, obtaining $650,000 from participants in the Saskatchewan Immigrant Nominee Program (SINP).
These types of fraud cases are common across Canada, Milosevic says:. “The only thing that was a little bit different about this one was that it was an employee on the inside.”
While many organizations focus on preventing external breaches, Milosevic notes that internal threats can be just as damaging
“If someone knows the system, they can defraud,” he says.
A similar case emerged last week, where a Winnipeg worker was charged with stealing $38,500 from a department store by manipulating specific transactions.
So, how should employers work to minimize employee fraud attempts in their workplace? By eliminating any opportunities that allow it to occur," says Dora Konomi, senior associate lawyer at Walker Law.
Pressure, opportunity and rationalization are the three main aspects that make unethical action more likely, she says, calling it the “fraud triangle.”
“For the most part, what I see is that employees have pressure, whether financial or personal stresses, and there's a need for money.”
Employees may identify opportunities to defraud employers due to weak internal controls and then rationalize their behaviour. People convince themselves it’s harmless or deserved, Konomi explains.
While employers can't always address personal pressures or rationalization, they can eliminate opportunities and gaps in their internal systems to prevent it from happening altogether, she says.
One of the most common structural weaknesses that causes internal fraud is when a single employee has full access to critical systems and processes.
For example, Konomi says some businesses have only one controller or employee who both approves and authorizes payments.
“Often it happens where controllers just create fake invoices. They pay themselves. They create fake vendor lists,” she says.
That’s why segregation of duties is so important, Konomi explains. Instead of having one person handle invoice approval, vendor creation and payment authorization, the entire payment process should involve multiple people.
“For smaller companies, typically you only have one person that deals with everything. Well, what I think is important... is dual authorization for payments, so it will be a two-person approval for wire transfers,” she adds.
Dual authorization, Konomi says, should also apply to CEOs, as there can be situations of power abuse.
Milosevic echoes Konomi’s advice
In the Saskatchewan case, he notes, the likely scheme involved payroll fraud in which ‘fictitious employees’ were created to pocket cheques. These types of schemes often go unnoticed in large organizations, as employees can get lost in the shuffle.
Milosevic recommends separating the responsibilities of hiring and payroll functions.
“The same person can't control the hiring and the payment,” he says. “Then, there's no information that's bleeding through to a third party you can monitor”.
Schemes like this can also be deterred with basic due diligence—such as employers meeting the individual being paid and double-checking their information.
However, government organizations don’t always have the resources to do that level of verification, he says.
Other structural and technical safeguards include job rotation and IT alerts, Konomi says.
Job rotations, she says, help prevent opportunities for fraud, especially in larger organizations, as they give another employee the chance to review previous work.
“A lot of the time when we catch fraud... it's when someone goes away on vacation and there's a replacement, and they're like, ‘Hold up, something doesn't add up here,’” Konomi explains.
IT departments should implement alerts for unusual login activity, unauthorized database access, and conduct routine audits, she says.
Different industries tend to have their own best practices for minimizing fraud, Milosevic adds. But it’s up to businesses to police themselves.
Unfortunately, many employers still only learn after the fact that fraud has occurred internally. “They learn that inventory is suddenly going down, but income is not going up—so there's inventory that's being stolen,” he says.
Beyond technical safeguards, Milosevic says the most powerful fraud prevention tool is cultural.
“The ethics of the organization are the first part of the defense in fraud examination work,” he says.
The tone from the top of management should make clear that fraud will not be tolerated and will be condemned.
“I had a case where I was defending a fraudster who was a controller at a company who stole a lot of money from the company, and... I argued a defense of what's called ‘condemnation condoning,’” Milosevic says. “I demonstrated that there was a culture of condoning fraud in this company. And guess what? This guy who admitted the fraud on tape, —I got him off.”
To set the tone, employers should implement processes such as anonymous tip lines, where employees can speak up honestly about questionable business practices.
Training employees to recognize red flags, Konomi adds, can also help build a strong workplace culture.
“For example, if someone is at the office late hours but it doesn't make sense —why are they there?” she says. “Just training [employees] to recognize some red flags, whether behavioural or technical—and maybe creating guidance on how to report them.”
When fraud is suspected involving an employee, both lawyers emphasize that a proper investigation should take place before anyone is accused.
“The worst thing that [can] happen is where you accuse someone, you go public about it, and then they slap you with a defamation lawsuit,” Konomi says.
Investigations should be conducted discreetly, Milosevic says. Employers need to examine the loss that occurred and question those who might have relevant information. No one should be directly accused, and all interviews should be conducted voluntarily, he says.
“I had one case where they were interviewing the person who was accused, and during the interview, they closed the door and one person stood by the door. That was involuntary confinement,” he says.
During ongoing investigations, HR should focus on maintaining confidentiality, Milosevic says. “They don't want the information or suspicion about an employee to start being disseminated and creating rumours throughout a business.”
You don't want the employee who might be accused of fraud to know about the investigation, Konomi adds, as they could flee.
“Only discuss the matter with people who are absolutely necessary,” she says. That includes the IT department and accounting teams, who can help trace and investigate the matter internally.
One of the most common mistakes employers make, Milosevic says, is acting rashly and emotionally, creating more problems for their organization.
“They will improperly accuse [an] employee,” he says.
If internal evidence confirms fraud, Konomi says there are legal tools employers can use—often without informing the employee first.
One such tool is a Norwich application, which allows an employer to obtain financial records from banks to trace where the money went.
Norwich applications are powerful legal tools used to obtain evidence from third parties to prove fraud, identify wrongdoing, or recover property. As noted in an article by Benjamin Grant of the County of Carleton Law Association, they have been used in employee fraud cases to secure information before the target has a chance to destroy evidence
Once that information is secured, employers can pursue a Mareva injunction—a court order that freezes the employee’s assets so they can’t be moved or hidden.
“A Mareva injunction is ultimately an opportunity to seize and freeze the assets pending the disposition of your claim,” she says. “You don’t collect that money right away. But what you’re telling the banks... is ‘, I have a court order. Pursuant to this court order, these persons’ assets have to be frozen. They can’t go anywhere.’”
However, Konomi explains, you must meet a high threshold to obtain this type of order. Employers must present a detailed and well-supported case—for example, where a fake vendor was created and funds were diverted into the employee’s personal account.
Once fraud is confirmed, employers have the legal right to take disciplinary action.
Konomi says employers can move to terminate the employee for cause—but this must be done in compliance with provincial employment standards legislation.
They can also sue the employee to recover damages caused by the fraud.
“You have the evidence that you think you're satisfied with, but you still have to prove it in a court of law,” she says.
Employee fraud can lead to criminal charges under Section 380(1) of the Canadian Criminal Code, which covers fraud over or under $5,000.
If convicted, employees can face jail time, permanent criminal records, fines, and court-ordered restitution.
