Good morning. This is meeting number 17 of the Standing Committee on Public Accounts, Thursday, June 2, 2016.
Today we're conducting a hearing on Report 2 of the Spring 2016 reports of the Auditor General of Canada, entitled “Detecting and Preventing Fraud in the Citizenship Program”.
We have with us today from the Department of Citizenship and Immigration, Anita Biguzs, deputy minister; and Robert Orr, assistant deputy minister of operations. From the Royal Canadian Mounted Police, we have Brendan Heffernan, director general, Canadian criminal real time identification services; and Jamie Solesme, officer in charge, federal coordination center, Canada-U.S. From the Canada Border Services Agency, we have Denis Vinette, acting associate vice-president, operations branch. Finally, from the Office of the Auditor General of Canada, we are honoured to have with us Mr. Michael Ferguson, our Auditor General of Canada; and Nicholas Swales, principal.
We will have an opening statement from each of our four witnesses. I will now ask Mr. Ferguson, the Auditor General of Canada, to proceed first.
Mr. Chair, thank you for this opportunity to discuss our 2016 spring report on detecting and preventing fraud in the citizenship program.
I'm accompanied by Nicholas Swales, the principal responsible for the audit.
In our audit we examined whether Immigration, Refugees and Citizenship Canada had adequate practices to detect and thereby prevent fraud in adult citizenship applications. We looked at practices intended to ensure that citizenship applicants met the program's residency requirements, that they had no criminal prohibitions, and that they were permanent residents of Canada.
We looked at several important controls designed to help citizenship officers identify fraud risks, and we found that these controls were inconsistently applied. As a result, people were granted citizenship based on incomplete information or without all of the necessary checks being done.
To meet residency requirements, individuals sometimes use an address that is known or suspected to be associated with fraud. Although the department had a database to help it detect the use of such problem addresses, we found cases in which data entry errors and inconsistent updating prevented officers from having accurate or up-to-date information about these addresses.
In addition, even when information was available in the system, officers did not always act on it. For example, in 18 of 49 cases, citizenship officers did not carry out the required additional procedures when the department's database system revealed the use of a problem address.
Another method of simulating residency in Canada is by altering passport or visa stamps to reflect shorter or fewer trips, thereby increasing the number of days an applicant appears to have been present in Canada. We found that the department's practices for dealing with suspicious documents were inconsistent and that its guidance was ambiguous. As a result, some regions seized problem documents but others did not, creating a risk that fraudulent documents would continue to circulate.
The department's task is further complicated by poor information-sharing with the RCMP and the Canada Border Services Agency. Although each citizenship applicant undergoes a criminal clearance check early in the application process, we found that the department had weak processes for obtaining complete information about criminal charges.
We looked at 38 cases in which the RCMP should have shared information about charges with the department and found that it had shared the information in only two cases.
We also found that after the criminal clearance check was completed, the department had no systematic way to obtain information directly from police forces, other than the RCMP, on criminal charges against citizenship applicants.
With regard to investigations of immigration fraud by the Canada Border Services Agency, we found that the agency had not shared information with the department in 11 of the 38 cases we examined.
We also found that Immigration, Refugees and Citizenship Canada did not have in place all the elements it needed to successfully manage fraud risks in the citizenship program. For example, the department did not have in place a rigorous process to identify, understand and document the nature and scope of citizenship fraud risks. As a result, the department could not make informed decisions about which risk indicators it should use to detect or prevent residency fraud.
Furthermore, the department did not have a way to verify that existing measures to detect and prevent fraud were working as intended. As a result, several adjustments that the department recently made to its fraud control measures were not supported by evidence.
We made five recommendations to Immigration, Refugees and Citizenship Canada and two recommendations to both the department and its partners, the RCMP and the Canada Border Services Agency. All three organizations agreed with our recommendations and have committed to taking actions to implement them.
Mr. Chair, this concludes my opening remarks. We would be pleased to answer any questions the committee may have.
I am pleased to appear before the committee to discuss the Spring 2016 Reports of the Auditor General of Canada.
As you've indicated, I'm here with several colleagues. From my Department of Immigration, Refugees and Citizenship, I have Mr. Robert Orr, assistant deputy minister of operations; from the Canada Border Services Agency, Denis Vinette, acting associate vice-president of operations; and from the RCMP, chief superintendent Brendan Heffernan, director general of the Canadian criminal real time identification services, and Inspector Jamie Solesme, officer in charge of the federal coordination centre, Canada-United States.
Let me open my comments, Mr. Chair, by saying that my department, IRCC, completely agrees with the Auditor General's report and recommendations. These will help us to continue to improve our processes, and departmental officials are already working quickly to effectively implement them. In fact, we have already made many improvements. We have introduced new procedures for dealing with applicants using addresses flagged as high risk. We have already provided better guidance to citizenship officers, and work is under way with the Canada Border Services Agency and the RCMP to improve information sharing.
Bill , which is before Parliament now, also proposes amendments to the Citizenship Act that will include new authority to seize documents. We have a new framework in place as well to identify and manage fraud risks in the citizenship program.
I would like you to know that the department has thoroughly reviewed all cases that the OAG flagged to determine if fraud may have occurred. As a result of this review, the department has opened an investigation into 12 cases.
In addition to the controls examined in the Auditor General's audit, IRCC has several other fraud controls that are an integral part of the program. For example, all citizenship applicants aged 15 and a half and older must pass a criminal and security clearance check in order to be granted citizenship.
The immigration history of all citizenship applicants is thoroughly reviewed to determine if concerns, investigations or law enforcement actions have been noted in our Global Case Management System.
Applications with identified risk indicators are given closer scrutiny. Citizenship officers review CBSA information on passenger travel history and examine original documents during in-person interviews. Centres of expertise deal with complex cases to better detect fraud patterns and trends.
In addition, recent legislative changes have already strengthened our ability to deter and deal with fraud. These include increased penalties for fraud and the requirement that consultants be members in good standing of a regulatory body.
A new citizenship revocation model has also been effect since June 2015, which is more efficient and less costly to the government.
I'd like now to very quickly review four specific areas identified in the Auditor General's report.
The Auditor General 's report drew attention to cases of potentially fraudulent addresses. These are addresses known or suspected of being associated with fraud, based on information from the CBSA, the RCMP, or our own citizenship officers. The department has already issued better guidance to citizenship officers in inputting information into our databases so that these problem addresses can be identified more reliably and appropriate action taken.
It is also important to understand that having a problematic address does not necessarily mean an applicant is committing fraud. There is often a valid reason why many applicants would have provided the same address.
Second, IRCC has clarified the authorities relating to document seizure and provided detailed guidance to officers on the process to seize suspicious documents.
Recent changes to the Global Case Management System mean that citizenship officers now have access to Canada Border Services Agency's lost, stolen and fraudulent document database.
In addition, Bill , which the government introduced in February, contains amendments that would provide new authorities for the seizure of potentially fraudulent documents.
The IRCC routinely receives information from its passport program and other government departments, such as Public Safety Canada, the Canada Border Services Agency, and the RCMP.
We are actively working with our security partners to ensure that the department has the most up-to-date information possible. We have engaged the RCMP to review the optimal timing for conducting criminal screening, while bearing in mind the need to process citizenship applications in a timely manner. We are also establishing processes for the RCMP to share information on criminal charges impacting citizenship applicants with the IRCC after the initial screening.
The IRCC and the CBSA have also clarified the legislative authority supporting the required information sharing needed by our department for Citizenship Act eligibility decisions, and will develop processes for sharing information on immigration fraud, and this will all be completed by December 2016.
Fourth, as part of its ongoing efforts to improve program integrity, the department developed a systematic, evidence-based approach to identifying and managing the risks of fraud. This includes establishing baselines and monitoring trends. Under this framework, the department evaluates risk indicators to verify they are consistently applied and that fraud controls are working as intended. This analysis will help us make changes, if changes are needed.
I would like to thank the committee members for your attention, and we will be pleased to answer your questions.
There's no doubt that when we reviewed the spring report, it came as a major concern.
I'll highlight a few of the statements from the Auditor General that came to light and pressed upon us the urgency of dealing with this matter very quickly.
He says with respect to checking the problem addresses that they found that, when information was available in the database, citizenship officers did not consistently act on it.
With respect to identifying fraudulent and altered documents, he said that, due to holes in IRCC's processes for detecting fraudulent documents, not only could perpetrators avoid detection and prosecution, but fraudulent documents may continue to circulate for use by other ineligible applicants.
With respect to obtaining information from the RCMP about criminal behaviour, the result, according to the Auditor General, is that the process for sharing information on charges against permanent residents and foreign nations was ad hoc and ineffective.
We have consistent statements from the Auditor General that there seems to be a human resources problem, that some of the employees at IRCC who deal with citizenship applicants are not competent. There's a lack of human resources, maybe there's a lack of technical resources, or there's a lack of financial resources.
Now, before I continue, what is the budget at IRCC and what was it in 2011 and in 2015? Can you answer that first question?
As I indicated in my opening remarks, we take the Auditor General's report very seriously. An action plan had been put in place by the department back in 2012, in the absence of what previously had been in place in terms of a risk framework and in an attempt to put in better fraud control measures.
I think, as with any system, improvements can always be made. Certainly the Auditor General's report has provided some very invaluable guidance to us in terms of the various measures we have to do. In terms of lessons learned that have come from this, our guidance to officers has had to be improved. We actually always do issue guidance to citizenship officers, but clearly, I think, issues have arisen in terms of consistency across the system. We do provide significant training to our citizenship officers. They have to go through level one and level two training. They have to pass an exam before they can render decisions in cases.
We have actually already taken on board the recommendations that have been made. We have in fact updated our guidance. We have issued new program delivery instructions. We've strengthened the guidance on, for example, problem addresses; how to identify fraudulent documents; issues around fraud controls, trying to make the procedures more consistent in terms of inputting addresses and making it clear that the officers have to use Canada Post guidelines in terms of inputting addresses; and enhancing the training we have.
The other thing, as I mentioned, is that we have developed a much more enhanced program integrity framework, which we are sharing with staff as well, that includes quality control and quality assurance processes. That will include our ability to do random targeting, to clearly outline roles and responsibilities, and to also make sure that we are doing regular anti-fraud quality assurance and quality control exercises—
Mr. Chair, we are well on our way in implementing the action plan. The dates are indicated, certainly, as I mentioned already. We have already updated our guidance. We have significantly strengthened and enhanced our guidance, our operational directions to staff.
There is other work currently under way, certainly the work with the RCMP and CBSA on information sharing. We have already been in discussion with officials of those agencies to clarify the issue of authorities. We clearly recognize the need to update our memorandum of understanding on information sharing. As I said, our outline in the plan is to have updated information-sharing agreements in place with those agencies by December.
We—and I, personally, as the accounting officer—take this very seriously. Our program integrity framework, which we have significantly enhanced, includes quality control and quality assurance. It includes the requirement to come to the executive committee of the department, which is chaired by the deputy minister, every year with the outcome of all the quality control and quality assurance reports.
The management action plan is also something that is the subject of examination by the departmental audit committee. The departmental audit committee is chaired by an external member. It includes external members outside of the department. In fact, the audit committee provides a challenge function to the department and to the deputy minister to make sure that we are indeed following through on the commitments we have made in the management action plan. That is our internal way of trying to make sure that we are keeping our own feet to the fire and that we are taking this seriously and following up on these actions. We recognize that this is a serious issue and that we have to make sure we are seeing it through.
It's good to see you again, Auditor General, and your staff. Welcome to our other guests.
Chair, I just wanted to open up with a thought or a suggestion. The AG just acknowledged that his office has not had a chance to review the action plan, and that's understandable because oftentimes they don't arrive until the day before or even of the meeting. Although we like to get it ahead of time, as long as it's here we're willing to accept that. However, I'm wondering in terms of our constant review and doing our business better, just as we ask others to do theirs better, could we work on some kind of a protocol that would give the Auditor General an opportunity to look at that action plan and give us some advice. You'll recall, Chair, that recently we were looking at some dates. Colleagues, we were working—I can't say too much because we're in public—on a report and to meet some deadlines, and one of the things we discussed was whether that was a reasonable request.
If we ask the principals, of course, they're likely to say it's totally unreasonable. Yet we don't have the expertise. So we asked our staff to contact the AG's office to see if they could share an opinion with us, which they did, which was valuable. So I'm just wondering if maybe in the future, we could talk about some way of doing that and working with the Auditor General's office, because I know they've got tonnes of work too—but even if it happened after this meeting but before our deliberations on our report, it would be helpful.
In my 12 years of experience on this committee, we've come a long way on the action plans, but there's still a lot of the minutiae in the action plan that's hard for us to evaluate, whether or not the department is serious about a deadline or whether they're just thinking that if they can swing an extra six months, they'll grab it. We have no way of knowing.
Therefore, I would just suggest maybe that that's something we could talk about, perhaps at a steering committee, as a way to improve the work we're doing and to have more accurate information, because that action plan, as you know, Chair, is everything. That's the piece that says, here's what went wrong, here's what we're going to do in the future, and here are the detailed commitments we make with deadlines.
I think we need to up our game in terms of our evaluation of that, so that we can identify where there are weaknesses and also give credit where someone is being aggressive and hitting some good targets. I leave that with you.
I also wanted to say at the outset to the departments that are here that I've got to tell you, ordinarily the Auditor General goes out of his way to at least sprinkle in the report a couple of nice things to say, highlighting something that you're doing right, to show that he's providing a balanced view. That's not in here. I didn't see anything in here where the AG said, you know, you're doing this or that well. So this is a huge problem.
The other thing I want to say in the preface—and I realize I'm using a lot of that time, but that's fine because I believe these things are critical to what we're doing here—is that the previous government made a big deal, as they should have, about security and safety, but there's a lot more to security and safety of Canadians than just guns and jets, and all through this we're talking about risk. Risk assessment, risk, risk, risk, and it's like fail, fail, fail.
It's fine for governments of the day to pound their chests and fire up the bands when the troops and the jets all head overseas, but you know, security is also the detailed boring work of making sure you're following processes. That didn't happen very well here at all and, again, I remind the department in front of us, and through you to everybody else in government, that we're coming after you in terms of data. The Auditor General has pointed out to us that we've got excellent systems after decades of perfecting them, to our credit, but the data is not always being provided totally, accurately, up to date, and there's a woeful inadequacy of analysis of that data. We're finding that rift throughout this report also.
I bring to your attention that the Auditor General pointed out that the department created an electronic repository of program integrity exercises that's available to all the IRCC staff. However, the OAG contends that although this repository includes data from 250 exercises, their results have not been analyzed to determine if any adjustments to fraud controls are needed.
I'm not an auditor. My common sense question is, you collected all that information from 250 exercises and nobody thought that we ought to analyze it?
In regard to the information sharing, there are a number of different considerations that must be taken into place. If we look at the MOU that exists between the RCMP and IRCC that was completed in 2012, there are provisions in there to share information. However, within that MOU, it does not place the limitations that exist for law enforcement in the sharing environment, i.e., the Privacy Act, the charter of rights, human rights. There are a number of different factors that are outlined specifically in that MOU that everyone must keep in mind when there are obligations, or they feel there are obligations, on law enforcement to share with other agencies.
Every agency has its own sharing processes and protocols in place, as does the RCMP. It's a matter of determining when that information can be shared and how it should be shared. When you look at the cases that we're discussing here as far as citizenship is concerned, you also must remember that when the police are doing an investigation, it's not necessary or may not be evident what the nationalities or the immigration status of those people are. It may not surface within an investigation. For example, if an officer is dealing with somebody who's charged with a simple theft charge, they may not question them on their citizenship or their status because it doesn't seem applicable to the offence, whereas if you're dealing with somebody with a citizenship fraud or an immigration fraud, their citizenship and their status become a factor in that.
I should also add in that regard that their citizenship or immigration status—whether they're a permanent resident or whatever their status is—may also come into play when a person is arrested and then being released. There's a clause within the Criminal Code. If we feel there's a flight risk, they may be asked in regard to their citizenship, their status, to ensure that the person is not going to flee.
In moving forward with the memorandum of understanding, I think those guidelines have to be clearer between our agencies. Furthermore, we need to examine what IRCC needs to do to fulfill their obligated duty. In the RCMP, we have to balance that with the expectations placed on us by other legislation to protect the privacy of every individual in Canada. There's a balancing act that has to be there.
I think with regard to the information sharing, there are processes in place. They have been effective in circumstances. There was actually one back in October 2015, in which a number of individuals connected to an organized crime case were deported. There were a variety of charges.
I should also mention that citizenship fraud or issues with fraud may not just necessarily be the sole purpose of an investigation. It may stem from bigger investigations, as the last one, which was a huge, very complex organized crime file. That was an effective means to demonstrate how well our agencies work together.
Are there challenges? Yes. Do we need to do better at trying to be able to determine what people's status is going into investigations to figure out at what point we can share information? The complexity of investigations also makes it difficult to share at times. If there's an investigation that goes in several different directions, providing notification to another agency may impact negatively on another investigation that's part and parcel of that.
We are aware of all of those circumstances. information sharing is key to a whole-of-government approach to security for national security, for economic security, for all the security needs of our country. Those are required because every agency holds information that may be required.
Perhaps I can clarify that, Mr. Chair.
In terms of the current process of conducting criminal clearance processes, we do send information to our global case management system, which is a protected system. We send it to the RCMP, and the CBSA also has access to it.
Basically, we can do a criminal check very quickly. In some cases fingerprinting of individuals may be required. That's certainly the case in a certain percentage of cases. It may take longer to get the fingerprinting results back, but as I say, we currently do have processes in place for the exchange of information.
I think what has been identified is the need for more timely information sharing, in some cases from the time we actually make a decision and actually receive some of the criminal clearances.
I would say as well, though, that in addition to the importance of doing criminal security clearances, we do look at our immigration clearance checks as well to make sure that no issues have been raised. We also check the border passenger entries of individuals. That's another way of verifying whether there have been issues. We do an in-depth program integrity interview. That's another way of actually being able to identify whether there are issues.
Our officers are trained. We've enhanced the training on the guidance on the need to look at the original documents and verify them against sample documents. We have centres of expertise as well that actually have experience in identifying the kinds of issues that officers should be looking at.
There are a number of different factors that are taken into account, in addition to, of course, the work that the RCMP and the CBSA does with us and the information they provide.
Mr. Chair, no system is perfect and I think it would have been surprising to me if there hadn't been issues identified. That's the role of the Auditor General.
As they say, every program always needs to look at itself in terms of ways to make improvements. Certainly, measures were put in place in 2012. There have been enhancements made to the program, so I wouldn't want to leave the impression there has been no system or no process in place.
I think we have had some very effective measures. The question is, were they good enough? I think clearly the Auditor General has helped to identify the fact that we need to better and we need to do more, so we have taken that on board.
I think the issue from the Auditor General's point of view that we have to take very seriously is how do we make sure that we continue to follow up on these things, that we deliver what we say that we are going to commit ourselves to and that we have a continuous process, and that it isn't the Auditor General only having to tell us where the gaps or weaknesses are, but that we actually have measures in place. That's where our quality assurance, quality control processes, are important and will be important, to make sure we are continuously learning how we can do better.
We know that fraud can change. People come up with sophisticated means of finding ways to get around the system. We have to make sure that we keep on top of that and that we're always making our system responsive and sensitive to that.
We are alive to the fact that the timing is critical. In fact, we're evolving as an operational organization, and it's a continuous requirement to review. With respect to the MOU, it was last signed in 2012, and there has been an evolution of our operational modus operandi, if you will. We agree that there is a need for the revision of that MOU now to reflect the current realities going forward.
In terms of the criminal record checks, that was actually pointed out within the Auditor General's report as something that is working well. The issue in respect to that now is the timing. When it is best to commence that activity? Or is it best possibly to commence it twice, at the front end and the back end, in order to better meet the needs of the citizenship program?
We have met since the report came out, and we welcome those recommendations, absolutely. We've met with our colleagues at IRCC, and we have a continuous dialogue going forward to meet our management action plan of determining the most effective times to do those checks. It's important to note that the checks themselves are point-in-time checks; it's what's in the system at that particular time. We do it once, but then there may be police interaction or charges laid subsequent to that before the citizenship application is processed.
We have to find that most effective spot within the process, and we are working with our colleagues at IRCC. Because there are numbers of competing interests along that process flow to citizenship, we need to determine when is the exact best time to do that. We're getting very good guidance from our colleagues at IRCC.
The Chair: Mr. Orr.
Perhaps I can start and ask Mr. Orr to fill in the details.
When individuals submit their paper applications, those are then sent to our case processing centre, located in Sydney, and the information is inputted into our global case management system. This is where we try to enhance the guidance and the instructions to staff on how to input information into the system, particularly around the issue of problem addresses, to try to make sure that we obviate any issues in how the addresses are entered. At that stage we can identify, through the system, if there may be multiple addresses. The system helps to facilitate whether, in fact, multiple addresses have already been identified at that particular address.
As I say, the information is inputted into the global case management system. There is a process of risk triage. We have risk triage criteria that have been identified, which we worked on some time ago to triage cases, to identify which cases are more complex and not routine, where more issues may be flagged, for example, if a problem address has been identified....
If it's a more straightforward case, then it can be referred back to the local office, and the local office then can go through the process. As you know, a knowledge test is administered, which an applicant has to pass in order to complete their application. There is also the language requirement. There is an in-depth interview that is also undertaken. In a straightforward case, the decision is then rendered.
In a more complex case, as I say, it will go to a higher level decision-maker in the local office, where there would be a more in-depth program integrity review. If an issue has been identified with, for example, a problem address, potentially it is referred to what we call our case management branch. They have an expertise in following up on problem addresses.
With respect to that process, as Madam Biguzs mentioned, originally the checks come in to us through the government electronic messaging and document exchange service, which is a name-based application. Once we receive the name, date of birth, and some other biographical information, we filter that through two processes: the criminal name index, which is the criminal record check, if you will; and then the persons check through the CPIC system.
If the name and date of birth and other biographical information meet a certain threshold through an algorithm that we have within the system.... If it's below that, it's a negative and we respond immediately that no information is available in our databases for this particular purpose.
If it is above that threshold, then it's inconclusive. Then we need to go back to the applicant and ask them to send in a set of fingerprints, because we apply—with every criminal record that we have in our database, the criminal record itself is matched to a legally obtained set of fingerprints, obtained under section 2 of the Identification of Criminals Act. So we would know with certainty that the identity of the individual who is submitting the prints is married to that particular criminal record. As a result, we can provide a certified document that says these prints belong to these criminal charges and they belong to the person who submitted the prints. That does take a little longer.
When we send back the initial response that said that prints were need, Immigration, Refugees and Citizenship Canada provides a letter to the individual instructing them to go to a police service or an authorized third-party agency to submit the prints to us. They have up to 30 days to do that or they need to acquire an extension from IRCC.
In some cases, information is contained in the criminal record holdings that requires follow-up from the police services. The police services themselves provide that information to the system. It's their information. Sometimes we have to ask if this information is releasable, depending on what it is. It can take a little time, but essentially the process is that a name-based check is done first; then, depending on the information derived from that, a subsequent fingerprint check might be required; and then the conclusive results are sent back either to the individual, or if he signed a third-party waiver, directly to IRCC.
I enjoyed that line of questioning. It was very good. Thank you.
I want to start by throwing something positive out just so it's not all bad, even though it seems to be mostly that way. We'll go through the action plan in detail. I was particularly pleased with Mr. Arya's, analysis of one of the commitments, which wasn't nearly as strong as he and I believe it should be.
The action plan, which unfortunately the public doesn't have before it, states the recommendation, the response from the department, the nature of the plan, the responsible office, and then the target dates. I must say that I was pleased to see that quite a bit of this work was done. None of these deadlines, at least at first blush, seems way off in the future—you don't get the sense that somebody is running you around the block here. Most of them are in September of this year, and a good number are for March of next year. I was trying to find something positive and that's what I could come up with. If that's as good as it gets, take it.
Now, back to the part where this is the public court of accountability. I am not going to let go on trying to find out how some of this stuff happened. It's dealing with information, maybe not data per se, but certainly information.
The Auditor General pointed out:
the Department...changed some of the risk indicators for residency fraud without conducting any analysis to determine whether these changes would compromise program integrity, or whether the applications that presented a higher fraud risk would still be targeted.
The OAG contends that because of these changes “significantly fewer applications were flagged as higher risk and given more in-depth assessment” .
So from a practical point of view, you made changes to the process about potential fraud and risk, but you didn't do any analysis to determine whether or not those changes would actually do any good. Help me understand how we can get to that point in a department where you make changes based on risk. Risk doesn't always turn on the big questions. Sometimes little details are just as important to keeping Canadians safe as multi-billion-dollar arms packages. I'd like to know how it is that you make changes to risk assessments with no evaluation. How can that be?
First of all, I'd like to thank you all for coming. I do have the utmost respect for what each and every one of you do. I thank you very much for sharing your time with us here today.
I want to touch a little bit on Mr. 's comments and Mr. 's comments, and I guess Mr. 's comments too, in terms of information sharing. My comments are going to be brief.
I also look at paragraphs 7 and 8 of the text of the Auditor General's comments, which Mr. referenced, which indicate that in 38 cases, information was only shared in two of them, and on a subject on which it should have been possible to share information on some level. From an outside perspective, it should have been possible to share that information.
I think sometimes when we talk about the sharing of information, it can be as simple as the not sharing of information. It's about identifying among departments and organizations the information there that's pertinent to a case, but it can't be released at any one time; and it's about making sure that each department is aware that this information is there, and that the department in question would like to release it cannot do so. There needs to be some collaboration among departments in recognition of what each department's trying to do to facilitate the common goal, which is to keep Canadians safe, and to ensure that the people who want to become citizens of this country have the ability to become citizens, while at the same time protecting the citizens who are already here.
I think it's the same in paragraph 8,. The agency only shared information with the department in 11 of 38 cases. Well, it's as simple as indicating that there is pertinent information that cannot be released at any one given time, but that when it's pertinent, when it's able to be released, it will be released; that there is relevant information there that will affect a case and definitely change the direction of somebody's citizenship case.
I was wondering if you would comment on that, Jamie, as to whether you think that's relevant. Do you think that's something that's possible? Do you think that departments do a better job of collaboratively working together? When I look at the five points that were brought up in the opening comments of Ms. Biguzs, I noticed that it's not something that was identified. There's not a clear definition of how we're going to move forward with information sharing among not only departments, but government agencies as well.
Then I have a brief question for Mr. Orr after.
Mr. Chair, again on the information sharing, can we do it better? Absolutely.
I think it's important to understand, too, with investigations at what point somebody is charged. You have to understand the way the processes work within those cases. Somebody has had a criminal records check and they're negative. Then the person engages in criminal activity and is charged, whether by the RCMP or another police force within Canada. There's an ongoing investigation, which may or may not be complete by the time the person goes to citizenship. The person can stay in a charged stage for a while, until they go to court obviously, or are convicted or dismissed, or whatever the results may be. Within this we are still compelled by the various legislation.
Now, I know there's concern about when information is shared. I bring you back to my comment with respect to there being two issues: whether we know and we haven't shared information, or we don't know so that we can't share. It's unfair to expect that law enforcement is going to target anybody of a different nationality. It goes against our policy framework on unbiased policing. It goes against the human charter of rights if we ask everybody what their status is. So you have to understand that as well. If we were doing that, we'd be audited for doing what we shouldn't be doing. You have to look at that perspective. Yes, we are trying to ensure the safety of Canadians, but we have to do it within the parameters that we're given.
If we are aware that a person is an applicant, whether they've told us or because we know through another means, or there's a discussion with IRCC, and we know we have information that we need to share, there is a process in place to do that. Even if we can't share, there's a conversation that can take place.
I think the issue, and what the committee, with all due respect, is looking for, is assurances that every effort will be made to share that information. We accept the recommendation within the action plan, and work is ongoing within that memorandum of understanding with IRCC. Those concerns, I think, you will find addressed when that MOU is clarified and specifically states what's required, when it's required, and how it will happen.
At present the MOU doesn't reflect that. It reflects that sharing will take place, but it leaves it open-ended and probably the misconception that it's just a free flow of information. I think all things have to be taken into consideration with regard to that.
Under the citizenship legislation, our officers currently do not have the authority to seize a suspicious document. Bill , which is before Parliament, actually includes that authority now. If that were to be approved, then our officers could do so.
Under the immigration legislation, officers have the authority, or under Canada Border Services under the immigration legislation, we can seize documents, but if a citizenship officer suspects that a document has been altered or is fraudulent, they can't actually take control of the document. That has led to inconsistencies in terms of our citizenship officers and what to do in those kinds of cases when they suspect that a document actually has been altered. We have updated our guidance to officers, and now, if an officer suspects there is a problem with a document, there are procedures. They can actually go to a CBSA officer or to an immigration officer in the same office. Basically, if it is an immigration document, then in fact the authority under the immigration legislation can be used to seize the document.
In the absence of an immigration-type concern, in fact, what we have now done to make sure there's consistency across the regions is that we have given guidance to our officers. Basically, they can in fact look at the document, and if they suspect there is an issue with the document, they can ask a client whether we could take control of the document.
If a client refuses, the procedures require that official copies be made of the document. We make official photocopies of the document. We alert our case management branch that is responsible for following up on issues of this nature. We put a red flag in our system, and we do not continue processing that particular applicant for citizenship until we have actually been able to verify that in fact there is no issue with respect to an identity document or a travel document that has been submitted.
As I say, we're hoping that if the legislation is passed this clarity of the authority for citizenship officers will be in place. Otherwise, we have other procedures that we've tried to put in place to address that concern.
Thank you. I think we're pretty well done.
I do have a couple of questions. First of all, Ms. Shanahan asked a question that dealt with data management, data entry, and problems. This is an area of concern that our entire committee had, not not just with regard to this department but to every department. I had better be careful here. In many departments, we have heard of data problems with the collection, maintenance, and sharing of data, and with compromised data or data that is just wrong. You did talk about quality control and a quality control framework. Thank you for doing that, because I have a feeling that when we have to draw up a report, we certainly will be talking about data control. You may expect us to ask that question about the quality control framework that you're going to put in place and the measures you have to make certain it is functioning properly.
I want to go back to a question that was asked fairly early on. The Auditor General, in exhibit 2.4, gives us a table that explains a problem with inconsistent identification of multiple applicants using the same address. In his report, he mentioned about 50 individuals who were using the same address. In response to the earlier question, you gave a reasonable answer in saying that when refugees come in, they typically use temporary housing and that many times the temporary housing is the same from one refugee to the next. We went back and looked at what the Auditor General said: “We found that officials working in local offices regularly identified problem addresses...”. In other words, they recognized those as problem addresses. It wouldn't be a problem address if they knew if was temporary housing for a refugee, but they recognized it as a problem address. The Auditor General continued, that “they forwarded them to the department headquarters. However, we also found examples where many applicants used the same address over several years although none of the citizenship officers who processed their application noticed.” They didn't notice it. They missed it. For example, one address was used by at least 50 different applicants during overlapping time periods between 2008 and 2015. Among these applicants, seven became Canadian citizens. The Auditor General then said, “This address was eventually discovered in 2015 during a residency fraud investigation...”.
Are you telling me that some of temporary residences we use for refugees coming in have been found to be used fraudulently? We keep using these addresses. We keep using these homes, and it's been discovered during a residency fraud investigation by the Canada Border Services Agency and added to the department's list of problem addresses. Can you give me a bit more information?
Mr. Ferguson, are you satisfied with the answer we got to the effect, well, you know, there are different reasons and one of the reasons is that it's a temporary address for refugees?
I'll then go back to Ms. Biguzs.
All right. Thank you very much.
This concludes our very interesting meeting today. I think we all learned a lot. As I stated, in the future we'll be drawing up a report with recommendations. You may be required at a future date to provide us more information or to come back before our committee.
I would also give you and Auditor General the opportunity, if you leave this meeting and feel you didn't explain something quite the way you wanted, to send in more testimony or to follow up with our clerk. If that's the case, we would encourage you to do so.
We always check for such additional information when considering a report of ours. If there are other areas of concern that you had coming out of this meeting, we would also love to hear from you on that. We can then follow up on it in our report.
This committee is the follow-up to making certain that departments carry through on their pledges in response to the Auditor General's reports, and we take that very seriously.
We thank you for being here today, and we now adjourn this meeting.