DEALING WITH WHITE COLLAR CRIME

THE CRIME RESPONSE PLAN

IMMEDIATE ACTION ON CRIME BEING DISCOVERED OR SUSPECTED.

We recommend that the sequence of events on the discovery of a crime or suspected crime should be :

1. An immediate report should be made to the head of the department who should in turn immediately inform the nominated board member/CEO and the Enquiry Controller. Speed and secrecy is of the essence. To ensure that there is no delay in further action, both the nominated board member and the Enquiry Controller should have nominated deputies. All this is in line with our recommended policy in Section Two.
   
2. The Enquiry Controller should take immediate steps to preserve the evidence and secure assets at risk.
   
3. The nominated board member and the Enquiry Controller will need to decide on the immediate subsequent action. Depending on the nature and seriousness of the crime this action may include:

1. notifying the South African Police Services;
2. the steps necessary to secure the assets at risk;
3. the removal of the suspect from a position of authority and the withdrawal of signing powers;
4. countering the undermining of staff morale or interference in the investigation by removing the suspect from the organisation's premises;
5. changing passwords and access codes as well as securing accounting and other records;
6. securing the contents of the suspects office, personal computer, diary and files, including all personal documents on the premises;
7. securing the relevant records held on the organization's computer network (this should be done by a computer specialist);
8. appointing the appropriate investigators to commence the actual investigation as soon as possible with the initial aim of establishing the scale of the offence and the degree of contamination within the organization;
9. doing a preliminary assessment of the following issues:

1. the possible need for civil recovery in terms of section 300 of the Criminal Procedure Act (Act 51 of 1977);
2. the possible requirement for a sequestration or anti-dissipation interdict order from the courts;
3. the registration of a likely insurance claim;
4. the specialist investigative resources which may be required;
5. and a recovery in terms of Section 37D of the Pensions Act.

INVESTIGATION WITHIN THE ORGANIZATION

As his title implies, the Enquiry Controller is normally responsible for the control of the investigation within the organization. The person that actually carries out the investigation will depend on the nature of the crime and on the organization of the institution. Large institutions with their own security department can expect that department to undertake the majority of the investigation themselves. Smaller institutions might have a designated, trained manager. Whoever undertakes the task, the investigation must be carried out to a high professional standard if the objectives are to be met. The Enquiry Controller should ensure that the investigators are adequately trained. This training should include:

• the legal issues relating to white collar crime. In particular, fraud, bribery and corruption;
• the organization's disciplinary procedures;
• evidence gathering and interview techniques;
• evaluating and presenting evidence, both orally and in writing.

When drawing up the contingency plan the Enquiry Controller should identify, brief and train individual specialists who may be required for the investigation team. Some examples are:

• A Computer Expert
  This expert must be prepared to secure the computer evidence (either on a network or a PC), in such a manner that it will be acceptable in a court of law. This will have to be preplanned and the procedures documented as part of the plan. The computer expert should be chosen with care as he or she must:
  1. have a real understanding of the roles that computers can play in the commission of a crime;
  2. be able to provide clear simple testimony of what they can prove to be a fact;
  3. have a high professional reputation as well as a professional approach;
  4. be trustworthy and able to work as part of a team;
  5. be articulate, in terms of being able to explain technical computer matters to laymen;
  6. have a "presence" before a group, displaying no irritating mannerisms and idiosyncrasies.

  The expert must be an articulate and credible witness who will be able to establish the accuracy of the data processing evidence being presented in court.

• A Legal Expert
  This person should be trained and know what is required for both civil legal recoveries and criminal prosecution.
  
• A Human Resources Manager
  This manager should be warned that he/she will have to initiate such actions as suspension, internal disciplinary hearings and provide advice on the organization's approach to the recovery of money under the auspices of the appropriate section of the Basic Conditions of Employment Act (or replacement legislation) as well as on the Pension Funds Act No. 24 of 1956.
  
• A Nominated In-House Accountant.
  This person should be trained to understand the basics of forensic accounting so that he/she can carry out this function in respect of low level frauds and be able to assemble all the relevant records and documents and prepare schedules in preparation for the deployment of an external forensic accountant. The rationale behind this is simply that forensic accountants are expensive, therefore it is sensible to have someone within the organization to assemble information and documents so that the forensic auditor's time is utilized cost effectively.
  
• Internal Auditors
  Internal Auditors have a major part to play in the prevention of white collar crime. The focus of their activity is normally on the systems in place within the organization. However the nominated Board Member/CEO should encourage their participation in the crime response plan and through the organization's audit committee expect them to be an independent monitor of the effectiveness of the plan.

(Previous) (Next)