04 May 2016

Responding to fraud: a practical checklist for general counsel

By Andrew Moore, Tobin Meagher

Every fraud will inevitably throw up its own issues and challenges which a general counsel will need to work through, but our checklist is a good starting point for identifying the issues which typically require immediate attention.

Studies show that the most common perpetrators of fraud are “business insiders”, management and employees. These frauds typically relate to misappropriation of assets and abuse of position.


What issues does a general counsel, when confronted with a suspected major fraud committed against their company by an employee acting alone, or in collusion with others, need to consider as a matter of urgency? This article presents a 10-point practical checklist.


Establish a properly structured investigation


The investigation should be structured in a way that maximises the prospects that any reports or other output of the investigation are protected by legal professional privilege.


This generally means that the legal department and the company’s external solicitors should play a central role in the investigation, including directly engaging any forensic accountants or investigators (rather than the relevant business unit engaging those experts). Contemporaneous evidence documenting that the purpose of the investigation is to enable the company to obtain legal advice is also very important. The general counsel should also periodically report the results of the investigation to the chief executive officer and/or board. Early consideration as to the make-up of the investigation team, not only in terms of capabilities but also to preserve confidentiality and to manage any conflicts of interest, is also vital. Forensic accountants are useful because they understand the concept of legal proof and the need to preserve the integrity of electronic evidence for future civil or criminal proceedings.


Secure hard copy and electronic evidence


The legal department should ensure that the company gathers and secures relevant evidence as soon as possible to avoid it being lost or destroyed, either by the suspected perpetrator of the fraud or through normal business practices.


The company should also identify who has relevant documents and whether they are in electronic (eg. emails, hard drives, USB sticks or phones) or hard copy format, as well as their location. Not surprisingly, electronic devices are very important sources of evidence. They usually contain a wealth of data and many fraudsters are not aware of the ability of forensic information technology experts to retrieve deleted data or other electronic “footprints”. Any laptop, desktop computer or work smartphone which was used by the alleged perpetrator should be secured.


If an electronic device is seized and data is reviewed or extracted, those involved should follow and document a strict chain of custody. This will be important in any subsequent proceedings, particularly criminal proceedings.


Notify the fidelity insurer (if any)


After uncovering a potential or an actual fraud, a company should promptly determine whether it has fidelity cover. If so, it should then carefully consider the notification clause, any policy deductible or limits, relevant exclusions, time limits for submission of proof of loss and investigative costs coverage.


If coverage does or may exist, the company should promptly notify the insurer of circumstances which may give rise to a claim. As an insured’s correspondence with its insurer prior to confirmation of coverage will generally not be protected by common interest privilege, care needs to be taken in preparing these communications, in particular to avoid disclosing legal advice or making statements which an opponent in litigation might later seek to use against the company.


As far as the company’s claim is concerned, the insurer will typically expect it to be proven to the civil standard of proof. This includes quantification of the claim, which can sometimes be challenging particularly if the fraud occurred over a lengthy period and internal controls and record-keeping were poor.


Confront the perpetrator with the allegations


An important, and sometimes difficult, decision is when to confront the individual about the fraud allegations.


If the fraud is ongoing, the general counsel will usually be under considerable pressure from the board and management to put a stop to it as soon as possible.

However, in certain cases it may be advantageous to allow the fraud to continue for a short further period to gain greater insight, through covert surveillance into the employee’s modus operandi, whether s/he is acting alone or in concert with others, and sometimes also the whereabouts of the stolen funds.


After gathering evidence, the company may wish to confront the employee before commencing proceedings with a view to obtaining admissions upfront. However, if there is a real risk that the employee or any third party will begin immediately dissipating assets or moving them out of the jurisdiction, the better approach may be to start civil proceedings and apply for a freezing order (Mareva injunction) before putting the allegations to the employee.


If there is sufficient evidence to show that the employee has engaged in serious misconduct justifying summary dismissal, it is still important, as a matter of procedural fairness, to give them an opportunity to respond to the allegations before their employment is terminated. If a satisfactory response is not provided, the employee should be escorted directly out of the premises and access to all systems removed to avoid the risk of evidence being removed or destroyed. Arrangements for the return of any personal belongings can occur at a later stage. The company must also comply with its other legal obligations, such as paying out any accrued statutory leave entitlements.


Consider asset recovery options


Subject to the outcome of the investigation, the company will likely have one or more the following

recovery options:

  • claiming against the fidelity insurer (if any);
  • commencing civil proceedings against the employee and any third parties; and/or
  • making a claim for victim’s compensation if the employee is convicted of a criminal offence.[1] 

It is important that the company analyses its options and develops an overall asset recovery strategy. Key considerations will include the quantum of the fraud, knowledge of potential defendants’ asset positions and what was done with the proceeds of the fraud. The company may also need to weigh up the relative importance of asset recovery against other objectives, such as reputation management or a desire that the perpetrator(s) face criminal justice.


Consider whether to seek a freezing order or other urgent relief


There are considerable strategic advantages in obtaining a freezing order preventing the employee and, in some cases, third parties from dissipating any assets up to the value of the company’s claim.


Although a freezing order is a drastic remedy, evidence of fraud will often be sufficient to satisfy the court that there is a real risk that the defendant(s) will dissipate their assets if the order is not made. However, the application must be made promptly and affidavit evidence of the nature and extent of the fraud is required. In particular, the value of the defendant(s)’ assets which are frozen will depend on the then available evidence as to the quantum of the loss (notwithstanding that the investigation will usually still be ongoing).


A freezing order puts the company in a strong position in any proceedings. Not only does it restrict dealings with assets but the usual ancillary order requiring the defendant(s) to swear an affidavit disclosing their assets often helps with tracing and locating missing funds. The company should also consider whether any other urgent interlocutory relief, such as a search order (ie. Anton Piller order), should be sought.


An advantage of commencing proceedings is that the company can cause subpoenas to be issued requiring third parties, such as financial institutions, to produce relevant documents. This will assist in following the money trail. Proceedings commenced by way of an application for a freezing order often settle well before a final hearing.


Identify any claims against third parties


It is very important for a company to look beyond the employee(s) involved and consider potential liability of any third parties who benefited from, or were in any way connected with, the fraud. The employee(s) may well no longer have sufficient assets to fully satisfy any judgment.


Depending on the facts, a third party could be liable, for example, if they have relevant knowledge as an accessory to the employee’s breach of fiduciary or statutory duty. Even if knowledge cannot be proved, it may still be possible to trace stolen funds to third parties who have received those funds as volunteers. Potential claims against the company’s bank should also be considered, particularly if the fraud involved forged cheques or breach of mandate.


Comply with any reporting obligations

A corporate victim may have all sorts of reasons for wishing to refrain from reporting fraud to the authorities. However, in NSW, a company which knows or believes that another person, including a former employee, has committed a serious indictable offence will usually be obliged to report the matter to the police.[2]


Where a company is obliged to do so, it will need to decide whether to report the matter immediately or wait until the conclusion of its investigation, and possibly even any civil recovery proceedings. Various factors will need to be considered. One reason not to report early is the risk that it could lead to a lengthy stay of any civil recovery proceedings pending the conclusion of related criminal proceedings. On the other hand, it may be prudent to report early if the suspect is a flight risk. Further, the laying of criminal charges may encourage the individual to cooperate with the company’s investigation, particularly if there is an early plea of guilty. The company also needs to consider whether it should report the matter to any relevant regulator. Government entities must comply with any applicable policies or standards regarding reporting, and listed entities may need to consider their continuous disclosure obligations for very significant frauds.


Assist with any police investigation


Unless the company is the victim of a significant or complex fraud, in which case the matter will likely be handled by the police’s fraud squad unit, the matter will usually be handled by the relevant Local Area Command.


In our experience, police authorities are generally under-resourced. If the board or senior management wish to see the perpetrator(s) face criminal justice, the company will usually need to provide substantial assistance to the police in preparing the necessary evidence, including bearing the associated costs.


It is also important to remember that the company may need to obtain the leave of the relevant civil court to provide to the police documents obtained from the defendant and/or third parties in any civil proceedings.


Manage reputational issues


Many significant frauds never become known beyond the company’s board and a small group of senior management. However, there is always a risk that they will. That risk increases significantly if civil or criminal proceedings are commenced.


In the event of a significant fraud, the company should carefully consider what, if any, communications may need to be made to its staff and suppliers. It should also prepare for the possibility of media attention. If criminal proceedings are pending, the company will need to be mindful not to make any statements which may constitute contempt of court.




Every fraud will inevitably throw up its own issues and challenges which a general counsel will need to work through. There will also be various longer term implications, including ensuring that any internal control gaps or weaknesses are remedied. However, in our experience, the above checklist provides a good starting point for identifying the issues which typically require immediate attention.



This article was first published in Inhouse Counsel, Vol 20 No 4, May 2016


[1]See, for example, Victims Rights and Support Act 2013 (NSW), section 97.Back to article

[2] Crimes Act 1900 (NSW), section 316.Back to article


Related Knowledge

Get in Touch

Get in touch information is loading


Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.