Responding to fraud: a practical checklist for general counsel

Andrew Moore, Tobin Meagher
07 Jul 2023
Time to read: 4.5 minutes

Every fraud generates unique issues and challenges which a general counsel will need to navigate, but some matters typically require immediate attention.

What issues does a general counsel, when confronted with a suspected major fraud committed against their company by an employee acting alone, or in collusion with others, need to consider as a matter of urgency? This article presents a 10-point practical checklist.

1. Establish a properly structured investigation

The investigation should be structured in a way that maximises the prospects that any reports or other output of the investigation are protected by legal professional privilege.

This generally means that the legal department and your external solicitors should play a central role in the investigation, including directly engaging any forensic accountants or investigators (rather than the relevant business unit engaging those experts). Contemporaneous evidence documenting that the purpose of the investigation is to enable the company to obtain legal advice is also very important. The general counsel should also periodically report the results of the investigation to the chief executive officer and/or board. Amongst other things, the investigation team must ensure the preservation of confidentiality and the integrity of hard copy and electronic evidence for future civil or criminal proceedings.

2. Secure hard copy and electronic evidence

The legal department should ensure that the company gathers and secures relevant evidence as soon as possible to avoid it being lost or destroyed, either by the suspected perpetrator of the fraud or through normal business practices.

Identify who has relevant documents and whether they are in electronic (eg. emails, hard drives, USB sticks or phones) or hard copy format, as well as their location. Not surprisingly, electronic devices are very important sources of evidence. Any laptop, desktop computer or work smartphone which was used by the alleged perpetrator should be secured.

If an electronic device is seized and data is reviewed or extracted, those involved should follow and document a strict chain of custody.

3. Notify the fidelity insurer (if any)

After uncovering a potential or an actual fraud, you should promptly determine if you have fidelity cover. If so, you should then carefully consider the notification clause, any policy deductible or limits, relevant exclusions, time limits for submission of proof of loss and investigative costs coverage.

If coverage does or may exist, promptly notify the insurer of circumstances which may give rise to a claim. As an insured’s correspondence with its insurer prior to confirmation of coverage will generally not be protected by common interest privilege, you need to prepare these communications carefully.

As far as your claim is concerned, the insurance policy will typically require it to be proven to the civil standard of proof.

4. Confront the perpetrator with the allegations

An important, and sometimes difficult, decision is whether and when to confront the individual about the fraud allegations.

If the fraud is ongoing, the general counsel will usually be under considerable pressure from the board and management to put a stop to it as soon as possible. It may however be advantageous sometimes not to do so for a short further period. That way, you might gain greater insight, through covert surveillance into the employee’s modus operandi, into whether they are acting alone or in concert with others, and sometimes also the whereabouts of the stolen funds. In order to conduct surveillance of this nature, any applicable workplace surveillance requirements under New South Wales and ACT law will need to have been complied with.

After gathering evidence, you may want to confront the employee before commencing proceedings with a view to obtaining admissions upfront. However, if there is a real risk that the employee or any third party will begin immediately dissipating assets or moving them out of the jurisdiction, the better approach may be to start civil proceedings and apply for a freezing order (Mareva injunction) before putting the allegations to the employee.

If there is sufficient evidence to show that the employee has engaged in serious misconduct justifying summary dismissal, the company can either suspend them and give an opportunity to respond to the allegations, or proceed to terminate their employment subject to any contractual or procedural fairness requirements. Whatever comes first, the employee should be escorted directly out of the premises and access to all systems removed to avoid the risk of evidence being removed or destroyed. You can arrange the return of any personal belongings at a later stage.

5. Consider asset recovery options, including a freezing order

Subject to the outcome of the investigation, you will likely have one or more the following recovery options:

  • claiming against the fidelity insurer (if any);
  • commencing civil proceedings against the employee and any third parties, including applying promptly for a freezing order (Mareva injunction); and/or
  • making a claim for victim’s compensation if the employee is convicted of a criminal offence.

It is important that you analyse your options and develop an overall asset recovery strategy. Key considerations will include:

  • the quantum of the fraud;
  • the potential defendants’ asset positions; and
  • what was done with the proceeds of the fraud.

You may also need to weigh up the relative importance of asset recovery against the company’s other objectives, such as reputation management or a desire that the perpetrator(s) face criminal justice.

6. Consider whether to seek a freezing order or other urgent relief

There are considerable strategic advantages in obtaining a freezing order preventing the employee and, in some cases, third parties from dissipating any assets up to the value of the company’s claim (based on the then available evidence as to the quantum of the loss).

A freezing order puts the company in a strong position in any proceedings. Not only does it restrict dealings with assets but the usual ancillary order requiring the defendant(s) to swear an affidavit disclosing their assets often helps with tracing and locating missing funds. You should also consider whether any other urgent interlocutory relief, such as a search order (ie. Anton Piller order), should be sought.

An advantage of commencing proceedings is that subpoenas can then be issued to third parties, such as financial institutions, to produce relevant documents. This will assist in following the money trail.

7. Identify any claims against third parties

It is very important to look beyond the employee(s) involved and consider potential liability of any third parties who benefited from, or were in any way connected with, the fraud.

Depending on the facts, a third party could be liable, for example, if they have relevant knowledge as an accessory to the employee’s breach of fiduciary or statutory duty. Even if knowledge cannot be proved, it may still be possible to trace stolen funds to third parties who have received those funds as volunteers. Potential claims against the company’s bank should also be considered.

8. Comply with any reporting obligations

A corporate victim may have all sorts of reasons for not reporting fraud to the authorities. However, in NSW, a company which knows or believes that another person, including a former employee, has committed a serious indictable offence will usually be obliged to report the matter to the police (Crimes Act 1900 (NSW), section 316).

Where a company must do so, you must decide whether to report the matter immediately or wait until the conclusion of its investigation, and possibly even any civil recovery proceedings. Various factors will need to be considered. In addition, there might be an obligation to report the matter to any relevant regulator.

9. Assist with any police investigation

Unless the company is the victim of a significant or complex fraud, in which case the matter will likely be handled by a specialised "fraud" unit, the matter will usually be handled by the relevant Local Area Command.

In our experience, police authorities are generally under-resourced. If the board or senior management wish to see the perpetrator(s) face criminal justice, the company will usually need to provide substantial assistance to the police.

10. Manage reputational issues

If the fraud is significant, you should carefully consider what, if any, communications may need to be made to the company’s staff and suppliers, and be prepared for media attention. If criminal proceedings are pending, you must ensure the company does not make any statements which may constitute contempt of court.

Key takeaway for General Counsel

There will also be various longer-term implications, including ensuring that any corporate governance weaknesses are remedied. However, in our experience, the above checklist provides a good starting point for identifying the issues which typically require immediate attention.

Get in touch

Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.