PACP Committee Meeting

     Good morning. This is meeting number 17 of the Standing Committee on Public Accounts, Thursday, June 2, 2016.

    Today we're conducting a hearing on Report 2 of the Spring 2016 reports of the Auditor General of Canada, entitled “Detecting and Preventing Fraud in the Citizenship Program”.

    We have with us today from the Department of Citizenship and Immigration, Anita Biguzs, deputy minister; and Robert Orr, assistant deputy minister of operations. From the Royal Canadian Mounted Police, we have Brendan Heffernan, director general, Canadian criminal real time identification services; and Jamie Solesme, officer in charge, federal coordination center, Canada-U.S. From the Canada Border Services Agency, we have Denis Vinette, acting associate vice-president, operations branch. Finally, from the Office of the Auditor General of Canada, we are honoured to have with us Mr. Michael Ferguson, our Auditor General of Canada; and Nicholas Swales, principal.

    We will have an opening statement from each of our four witnesses. I will now ask Mr. Ferguson, the Auditor General of Canada, to proceed first.

    Mr. Chair, thank you for this opportunity to discuss our 2016 spring report on detecting and preventing fraud in the citizenship program.

    I'm accompanied by Nicholas Swales, the principal responsible for the audit.

    In our audit we examined whether Immigration, Refugees and Citizenship Canada had adequate practices to detect and thereby prevent fraud in adult citizenship applications. We looked at practices intended to ensure that citizenship applicants met the program's residency requirements, that they had no criminal prohibitions, and that they were permanent residents of Canada.

    We looked at several important controls designed to help citizenship officers identify fraud risks, and we found that these controls were inconsistently applied. As a result, people were granted citizenship based on incomplete information or without all of the necessary checks being done.

    To meet residency requirements, individuals sometimes use an address that is known or suspected to be associated with fraud. Although the department had a database to help it detect the use of such problem addresses, we found cases in which data entry errors and inconsistent updating prevented officers from having accurate or up-to-date information about these addresses.

    In addition, even when information was available in the system, officers did not always act on it. For example, in 18 of 49 cases, citizenship officers did not carry out the required additional procedures when the department's database system revealed the use of a problem address.

    Another method of simulating residency in Canada is by altering passport or visa stamps to reflect shorter or fewer trips, thereby increasing the number of days an applicant appears to have been present in Canada. We found that the department's practices for dealing with suspicious documents were inconsistent and that its guidance was ambiguous. As a result, some regions seized problem documents but others did not, creating a risk that fraudulent documents would continue to circulate.

    The department's task is further complicated by poor information-sharing with the RCMP and the Canada Border Services Agency. Although each citizenship applicant undergoes a criminal clearance check early in the application process, we found that the department had weak processes for obtaining complete information about criminal charges.

    We looked at 38 cases in which the RCMP should have shared information about charges with the department and found that it had shared the information in only two cases.

    We also found that after the criminal clearance check was completed, the department had no systematic way to obtain information directly from police forces, other than the RCMP, on criminal charges against citizenship applicants.

    With regard to investigations of immigration fraud by the Canada Border Services Agency, we found that the agency had not shared information with the department in 11 of the 38 cases we examined.

    We also found that Immigration, Refugees and Citizenship Canada did not have in place all the elements it needed to successfully manage fraud risks in the citizenship program. For example, the department did not have in place a rigorous process to identify, understand and document the nature and scope of citizenship fraud risks. As a result, the department could not make informed decisions about which risk indicators it should use to detect or prevent residency fraud.

     Furthermore, the department did not have a way to verify that existing measures to detect and prevent fraud were working as intended. As a result, several adjustments that the department recently made to its fraud control measures were not supported by evidence.

    We made five recommendations to Immigration, Refugees and Citizenship Canada and two recommendations to both the department and its partners, the RCMP and the Canada Border Services Agency. All three organizations agreed with our recommendations and have committed to taking actions to implement them.

    Mr. Chair, this concludes my opening remarks. We would be pleased to answer any questions the committee may have.

    Thank you.

    Thank you very much, Sir.

    We'll now go to Ms. Biguzs and her opening statement. Thank you very much.

    Good day, Mr. Chair.

    I am pleased to appear before the committee to discuss the Spring 2016 Reports of the Auditor General of Canada.

    As you've indicated, I'm here with several colleagues. From my Department of Immigration, Refugees and Citizenship, I have Mr. Robert Orr, assistant deputy minister of operations; from the Canada Border Services Agency, Denis Vinette, acting associate vice-president of operations; and from the RCMP, chief superintendent Brendan Heffernan, director general of the Canadian criminal real time identification services, and Inspector Jamie Solesme, officer in charge of the federal coordination centre, Canada-United States.

    Let me open my comments, Mr. Chair, by saying that my department, IRCC, completely agrees with the Auditor General's report and recommendations. These will help us to continue to improve our processes, and departmental officials are already working quickly to effectively implement them. In fact, we have already made many improvements. We have introduced new procedures for dealing with applicants using addresses flagged as high risk. We have already provided better guidance to citizenship officers, and work is under way with the Canada Border Services Agency and the RCMP to improve information sharing.

    Bill C-6, which is before Parliament now, also proposes amendments to the Citizenship Act that will include new authority to seize documents. We have a new framework in place as well to identify and manage fraud risks in the citizenship program.

    I would like you to know that the department has thoroughly reviewed all cases that the OAG flagged to determine if fraud may have occurred. As a result of this review, the department has opened an investigation into 12 cases.

    In addition to the controls examined in the Auditor General's audit, IRCC has several other fraud controls that are an integral part of the program. For example, all citizenship applicants aged 15 and a half and older must pass a criminal and security clearance check in order to be granted citizenship.

    The immigration history of all citizenship applicants is thoroughly reviewed to determine if concerns, investigations or law enforcement actions have been noted in our Global Case Management System.

    Applications with identified risk indicators are given closer scrutiny. Citizenship officers review CBSA information on passenger travel history and examine original documents during in-person interviews. Centres of expertise deal with complex cases to better detect fraud patterns and trends.

    In addition, recent legislative changes have already strengthened our ability to deter and deal with fraud. These include increased penalties for fraud and the requirement that consultants be members in good standing of a regulatory body.

    A new citizenship revocation model has also been effect since June 2015, which is more efficient and less costly to the government.

    I'd like now to very quickly review four specific areas identified in the Auditor General's report.

    The Auditor General 's report drew attention to cases of potentially fraudulent addresses. These are addresses known or suspected of being associated with fraud, based on information from the CBSA, the RCMP, or our own citizenship officers. The department has already issued better guidance to citizenship officers in inputting information into our databases so that these problem addresses can be identified more reliably and appropriate action taken.

    It is also important to understand that having a problematic address does not necessarily mean an applicant is committing fraud. There is often a valid reason why many applicants would have provided the same address.

    Second, IRCC has clarified the authorities relating to document seizure and provided detailed guidance to officers on the process to seize suspicious documents.

    Recent changes to the Global Case Management System mean that citizenship officers now have access to Canada Border Services Agency's lost, stolen and fraudulent document database.

    In addition, Bill C-6, An Act to amend the Citizenship Act and to make consequential amendments to another Act, which the government introduced in February, contains amendments that would provide new authorities for the seizure of potentially fraudulent documents.

    The IRCC routinely receives information from its passport program and other government departments, such as Public Safety Canada, the Canada Border Services Agency, and the RCMP.

    We are actively working with our security partners to ensure that the department has the most up-to-date information possible. We have engaged the RCMP to review the optimal timing for conducting criminal screening, while bearing in mind the need to process citizenship applications in a timely manner. We are also establishing processes for the RCMP to share information on criminal charges impacting citizenship applicants with the IRCC after the initial screening.

    The IRCC and the CBSA have also clarified the legislative authority supporting the required information sharing needed by our department for Citizenship Act eligibility decisions, and will develop processes for sharing information on immigration fraud, and this will all be completed by December 2016.

    Fourth, as part of its ongoing efforts to improve program integrity, the department developed a systematic, evidence-based approach to identifying and managing the risks of fraud. This includes establishing baselines and monitoring trends. Under this framework, the department evaluates risk indicators to verify they are consistently applied and that fraud controls are working as intended. This analysis will help us make changes, if changes are needed.

     I would like to thank the committee members for your attention, and we will be pleased to answer your questions.

    Thank you very much.

    We'll move into the first round of questions. From the government side we have Mr. Lefebvre for seven minutes, please.

    Thank you, Mr. Chair.

    There's no doubt that when we reviewed the spring report, it came as a major concern.

    I'll highlight a few of the statements from the Auditor General that came to light and pressed upon us the urgency of dealing with this matter very quickly.

    He says with respect to checking the problem addresses that they found that, when information was available in the database, citizenship officers did not consistently act on it.

    With respect to identifying fraudulent and altered documents, he said that, due to holes in IRCC's processes for detecting fraudulent documents, not only could perpetrators avoid detection and prosecution, but fraudulent documents may continue to circulate for use by other ineligible applicants.

    With respect to obtaining information from the RCMP about criminal behaviour, the result, according to the Auditor General, is that the process for sharing information on charges against permanent residents and foreign nations was ad hoc and ineffective.

    We have consistent statements from the Auditor General that there seems to be a human resources problem, that some of the employees at IRCC who deal with citizenship applicants are not competent. There's a lack of human resources, maybe there's a lack of technical resources, or there's a lack of financial resources.

    Now, before I continue, what is the budget at IRCC and what was it in 2011 and in 2015? Can you answer that first question?

    Mr. Chair, the budget for the citizenship program on in 2015-16 was $62 million.

    What was it in 2011?

    I'd have to go back and verify that and provide it to the committee and to the chair after this meeting.

    Here's why I'm asking that question. The report also notes that in 2012 the IRCC issued a public warning that nearly 11,000 persons were linked to residency fraud investigations. Then in 2014 we had the largest ever increase of Canadian citizens being accepted in Canada, over 260,000 people.

    If the budget is cut, or there's not a budget change to deal with more of these applications, and we have a data problem, there are a lot of things that can fall through the cracks, as we say. That's why I'm asking the question whether we can determine what the budget was.

     Mr. Chair, my colleague has just provided the information that in 2013 the budget for the citizenship program was $50 million.

    Thank you.

    With respect to these inconsistencies, how would you expect the increase in volume to affect IRCC's ability to detect fraud in the citizenship program?

    As I indicated in my opening remarks, we take the Auditor General's report very seriously. An action plan had been put in place by the department back in 2012, in the absence of what previously had been in place in terms of a risk framework and in an attempt to put in better fraud control measures.

    I think, as with any system, improvements can always be made. Certainly the Auditor General's report has provided some very invaluable guidance to us in terms of the various measures we have to do. In terms of lessons learned that have come from this, our guidance to officers has had to be improved. We actually always do issue guidance to citizenship officers, but clearly, I think, issues have arisen in terms of consistency across the system. We do provide significant training to our citizenship officers. They have to go through level one and level two training. They have to pass an exam before they can render decisions in cases.

    We have actually already taken on board the recommendations that have been made. We have in fact updated our guidance. We have issued new program delivery instructions. We've strengthened the guidance on, for example, problem addresses; how to identify fraudulent documents; issues around fraud controls, trying to make the procedures more consistent in terms of inputting addresses and making it clear that the officers have to use Canada Post guidelines in terms of inputting addresses; and enhancing the training we have.

    The other thing, as I mentioned, is that we have developed a much more enhanced program integrity framework, which we are sharing with staff as well, that includes quality control and quality assurance processes. That will include our ability to do random targeting, to clearly outline roles and responsibilities, and to also make sure that we are doing regular anti-fraud quality assurance and quality control exercises—

    That's great. So that's been ongoing from basically 2015-16, when you started this?

    With regard to the program integrity framework that I just mentioned, we did have one in place, but clearly it needed to be improved and strengthened.

    Mr. Paul Lefebvre: Clearly, yes.

    Ms. Anita Biguzs: We've taken on board the recommendations of the Auditor General in that regard. Moving forward, that's in fact what we intend to do—to have regular quality control and quality assurance exercises, to see if our risk indicators are appropriate, and to see if in fact we need to modify both our procedures and the training we provide to staff.

    Here's my major concern. In the report you did in 2012, you issued a public warning that nearly 11,000 people were linked to residency fraud. Have you done another report? Have you done another investigation since 2012?

    Work is continuing in terms of the cases that were identified back in 2012. Many cases have been abandoned, dropped, or withdrawn.

    Why would that be?

    In some cases, the conclusions were such that there were no further issues, so investigations were dropped.

    With regard to the cases that involve a problem address, fraud is not necessarily being perpetrated. One of the issues in our programming is that when we have newcomers who come to Canada, oftentimes they actually reside in a temporary residence. This is particularly the case with refugees. Individuals will move into temporary housing, so you will see the same address recurring. That is why we do a comprehensive address history when an application comes forward, to be able to get to that very point.

    Thank you very much.

    We'll now move to the opposition, and Mr. Généreux.

    You have seven minutes.

    Thank you very much, Mr. Chair.

    I would like to come back to the issue of addresses.

    In his report, the Auditor General, who is with us today, states fairly clearly that there are several shortcomings in the identification of these addresses.

    Ms. Biguzs, in your report, you say that there is often a valid reason to explain why many applicants provide the same address. Could you explain how it is that applicants are identified at a same address? I am trying to understand how it can happen. What are the valid reasons that would explain that?

     Mr. Chair, as I was indicating in response to the previous question, it is often the case that when newcomers, particularly refugees, come to Canada, we work through settlement organizations. They have temporary temporary housing or apartments for newcomers until such time as they can find permanent accommodation in the locations where they are. We always ask for an address history when someone applies for citizenship, and that is for the entire period of residence of, in this case, six years. You will oftentimes see the same address as being identified because newcomers have gone into this temporary shelter, temporary housing, that is being provided by settlement provider organizations. It doesn't necessarily mean there's been fraud that has been committed, but it's a fact that you have a common address that is used for newcomers coming to Canada.

    I don't know, Mr. Orr, if you have anything to add to that, but I think that's certainly a common reason why we would see the same address recurring.

    Mr. Orr.

     As the deputy minister outlined, that's the main reason, and for people arriving who are not refugees, consultants who may have organized their arrival and so on, may use the same accommodation. Other immigrants may recommend a particular address—“This is a good place to live”—and so the same people go to the same addresses. It's normal and explicable why certain addresses continue to appear.

    For the past few months, particularly since Christmas, many refugees have been living in hotels. In those cases, is the hotel address indicated in their file? How does that work?

    Yes, that would be the case. They must identify the address normally six years before they apply. There can be no breaks during that period; so if they're in a hotel, that is the address they would give at that time.

    Thank you.

    Mr. Ferguson, since you tabled your report, have you had an opportunity to see or verify what each department has implemented? Have you had any feedback since then?

    The situation is the same as today. It's the department's action plan that is in force, and we haven't had a chance to evaluate it.

    When do you expect the plan will be reviewed or that checks will be made with respect to what has been implemented in all the departments?

    The other way to do a review like this is to conduct a follow-up audit. So far, we do not intend to conduct such an audit. The office will determine whether a follow-up audit should be done at some point.

    So there is no predetermined set timetable to put some pressure on departments or to ensure that all the elements that they said they would implement were. You can say you very much agree with the content of a report, but that does not necessarily mean that you are going to do everything that's in the report.

    This committee's role is to obtain the action plan of the department and other organizations, and to ask questions about it. As I mentioned, we will have an opportunity to do another audit in the future, but in the short term, what is most important is that the committee ask the department questions about the action plan.

    Ms. Biguzs, in terms of the action plan, you said in your remarks that you accepted the Auditor General's report and that you were going to implement it. That is what I understood from your comments.

    Have all the Auditor General's recommendations already been implemented? If so, what progress has been made on them?

     Mr. Chair, we are well on our way in implementing the action plan. The dates are indicated, certainly, as I mentioned already. We have already updated our guidance. We have significantly strengthened and enhanced our guidance, our operational directions to staff.

    There is other work currently under way, certainly the work with the RCMP and CBSA on information sharing. We have already been in discussion with officials of those agencies to clarify the issue of authorities. We clearly recognize the need to update our memorandum of understanding on information sharing. As I said, our outline in the plan is to have updated information-sharing agreements in place with those agencies by December.

    We—and I, personally, as the accounting officer—take this very seriously. Our program integrity framework, which we have significantly enhanced, includes quality control and quality assurance. It includes the requirement to come to the executive committee of the department, which is chaired by the deputy minister, every year with the outcome of all the quality control and quality assurance reports.

     The management action plan is also something that is the subject of examination by the departmental audit committee. The departmental audit committee is chaired by an external member. It includes external members outside of the department. In fact, the audit committee provides a challenge function to the department and to the deputy minister to make sure that we are indeed following through on the commitments we have made in the management action plan. That is our internal way of trying to make sure that we are keeping our own feet to the fire and that we are taking this seriously and following up on these actions. We recognize that this is a serious issue and that we have to make sure we are seeing it through.

    Thank you very much. Unfortunately, your time is up.

    We will now move to Mr. Christopherson, please, for seven minutes.

    It's good to see you again, Auditor General, and your staff. Welcome to our other guests.

    Chair, I just wanted to open up with a thought or a suggestion. The AG just acknowledged that his office has not had a chance to review the action plan, and that's understandable because oftentimes they don't arrive until the day before or even of the meeting. Although we like to get it ahead of time, as long as it's here we're willing to accept that. However, I'm wondering in terms of our constant review and doing our business better, just as we ask others to do theirs better, could we work on some kind of a protocol that would give the Auditor General an opportunity to look at that action plan and give us some advice. You'll recall, Chair, that recently we were looking at some dates. Colleagues, we were working—I can't say too much because we're in public—on a report and to meet some deadlines, and one of the things we discussed was whether that was a reasonable request.

    If we ask the principals, of course, they're likely to say it's totally unreasonable. Yet we don't have the expertise. So we asked our staff to contact the AG's office to see if they could share an opinion with us, which they did, which was valuable. So I'm just wondering if maybe in the future, we could talk about some way of doing that and working with the Auditor General's office, because I know they've got tonnes of work too—but even if it happened after this meeting but before our deliberations on our report, it would be helpful.

    In my 12 years of experience on this committee, we've come a long way on the action plans, but there's still a lot of the minutiae in the action plan that's hard for us to evaluate, whether or not the department is serious about a deadline or whether they're just thinking that if they can swing an extra six months, they'll grab it. We have no way of knowing.

     Therefore, I would just suggest maybe that that's something we could talk about, perhaps at a steering committee, as a way to improve the work we're doing and to have more accurate information, because that action plan, as you know, Chair, is everything. That's the piece that says, here's what went wrong, here's what we're going to do in the future, and here are the detailed commitments we make with deadlines.

    I think we need to up our game in terms of our evaluation of that, so that we can identify where there are weaknesses and also give credit where someone is being aggressive and hitting some good targets. I leave that with you.

    I also wanted to say at the outset to the departments that are here that I've got to tell you, ordinarily the Auditor General goes out of his way to at least sprinkle in the report a couple of nice things to say, highlighting something that you're doing right, to show that he's providing a balanced view. That's not in here. I didn't see anything in here where the AG said, you know, you're doing this or that well. So this is a huge problem.

    The other thing I want to say in the preface—and I realize I'm using a lot of that time, but that's fine because I believe these things are critical to what we're doing here—is that the previous government made a big deal, as they should have, about security and safety, but there's a lot more to security and safety of Canadians than just guns and jets, and all through this we're talking about risk. Risk assessment, risk, risk, risk, and it's like fail, fail, fail.

    It's fine for governments of the day to pound their chests and fire up the bands when the troops and the jets all head overseas, but you know, security is also the detailed boring work of making sure you're following processes. That didn't happen very well here at all and, again, I remind the department in front of us, and through you to everybody else in government, that we're coming after you in terms of data. The Auditor General has pointed out to us that we've got excellent systems after decades of perfecting them, to our credit, but the data is not always being provided totally, accurately, up to date, and there's a woeful inadequacy of analysis of that data. We're finding that rift throughout this report also.

     I bring to your attention that the Auditor General pointed out that the department created an electronic repository of program integrity exercises that's available to all the IRCC staff. However, the OAG contends that although this repository includes data from 250 exercises, their results have not been analyzed to determine if any adjustments to fraud controls are needed.

     I'm not an auditor. My common sense question is, you collected all that information from 250 exercises and nobody thought that we ought to analyze it?

    Somebody please?

    On the issue of risk analysis, our risk criteria were based on very extensive work that we have done from getting feedback from the RCMP, CBSA, and from our own officers, who supplied information gleaned from refusals and revocations. We have looked at that. We also have done extensive interviews with judges.

    Are you talking about the past, the present, or the future? I'm talking about the fact that 250 exercises took place, and data were collected. Nobody thought that we should analyze the data. That's my question. How could it be that we have these 250 exercises of data collection and nobody seemed to think it was worth analyzing?

    The undertaking that we have done clearly recognizes that we need to do better. We need to do more, and we need to improve our processes.

    Now we're getting closer.

    We have an action plan in place. We have been putting in measures for fraud detection and fraud control. Clearly, we need to do better. We need to improve the work we're doing. We have put in place a systematic, evidence-based approach to identifying and managing risk. It includes quality assurance and quality control. This means we will be doing strengthened analysis activities. We have had our framework validated by an independent third party to make sure that we have checks and balances on what we're doing. We will also be doing exercises as many as three times a year to get the feedback we need as part of our work plan and part of our continuous improvement, which will include random targeting. I take the point that we need to do better. That's the reason we have put this in place and are working towards a strengthened framework for dealing with fraud.

    Ms. Zahid.

    I'll touch on the topic of information sharing between IRCC, CBSA, and the RCMP. The Auditor General's report has told us that the process for information sharing on charges against permanent residents and foreign nationals was ad hoc and ineffective. In relation to the RCMP and IRCC, and also in relation to CBSA and IRCC, can the officials provide insight on the current system of information sharing and the possible courses of action that can be taken to enhance and solidify this process of sharing information among these three departments?

     I'll begin by saying that we have always done criminal security checks in our immigration clearance checks. Certainly, as part of the citizenship process, there are issues in the timeliness of the information we receive. We're working to improve our processes with the RCMP and with CBSA.

    I'll turn to my colleagues to elaborate on that.

    In regard to the information sharing, there are a number of different considerations that must be taken into place. If we look at the MOU that exists between the RCMP and IRCC that was completed in 2012, there are provisions in there to share information. However, within that MOU, it does not place the limitations that exist for law enforcement in the sharing environment, i.e., the Privacy Act, the charter of rights, human rights. There are a number of different factors that are outlined specifically in that MOU that everyone must keep in mind when there are obligations, or they feel there are obligations, on law enforcement to share with other agencies.

    Every agency has its own sharing processes and protocols in place, as does the RCMP. It's a matter of determining when that information can be shared and how it should be shared. When you look at the cases that we're discussing here as far as citizenship is concerned, you also must remember that when the police are doing an investigation, it's not necessary or may not be evident what the nationalities or the immigration status of those people are. It may not surface within an investigation. For example, if an officer is dealing with somebody who's charged with a simple theft charge, they may not question them on their citizenship or their status because it doesn't seem applicable to the offence, whereas if you're dealing with somebody with a citizenship fraud or an immigration fraud, their citizenship and their status become a factor in that.

    I should also add in that regard that their citizenship or immigration status—whether they're a permanent resident or whatever their status is—may also come into play when a person is arrested and then being released. There's a clause within the Criminal Code. If we feel there's a flight risk, they may be asked in regard to their citizenship, their status, to ensure that the person is not going to flee.

    In moving forward with the memorandum of understanding, I think those guidelines have to be clearer between our agencies. Furthermore, we need to examine what IRCC needs to do to fulfill their obligated duty. In the RCMP, we have to balance that with the expectations placed on us by other legislation to protect the privacy of every individual in Canada. There's a balancing act that has to be there.

    I think with regard to the information sharing, there are processes in place. They have been effective in circumstances. There was actually one back in October 2015, in which a number of individuals connected to an organized crime case were deported. There were a variety of charges.

    I should also mention that citizenship fraud or issues with fraud may not just necessarily be the sole purpose of an investigation. It may stem from bigger investigations, as the last one, which was a huge, very complex organized crime file. That was an effective means to demonstrate how well our agencies work together.

    Are there challenges? Yes. Do we need to do better at trying to be able to determine what people's status is going into investigations to figure out at what point we can share information? The complexity of investigations also makes it difficult to share at times. If there's an investigation that goes in several different directions, providing notification to another agency may impact negatively on another investigation that's part and parcel of that.

    We are aware of all of those circumstances. information sharing is key to a whole-of-government approach to security for national security, for economic security, for all the security needs of our country. Those are required because every agency holds information that may be required.

    What measures would the IRCC take to ensure that under the Privacy Act the privacy of these individuals is respected, but you get ongoing information when the applications are in process?

     Perhaps I can clarify that, Mr. Chair.

    In terms of the current process of conducting criminal clearance processes, we do send information to our global case management system, which is a protected system. We send it to the RCMP, and the CBSA also has access to it.

    Basically, we can do a criminal check very quickly. In some cases fingerprinting of individuals may be required. That's certainly the case in a certain percentage of cases. It may take longer to get the fingerprinting results back, but as I say, we currently do have processes in place for the exchange of information.

    I think what has been identified is the need for more timely information sharing, in some cases from the time we actually make a decision and actually receive some of the criminal clearances.

    I would say as well, though, that in addition to the importance of doing criminal security clearances, we do look at our immigration clearance checks as well to make sure that no issues have been raised. We also check the border passenger entries of individuals. That's another way of verifying whether there have been issues. We do an in-depth program integrity interview. That's another way of actually being able to identify whether there are issues.

    Our officers are trained. We've enhanced the training on the guidance on the need to look at the original documents and verify them against sample documents. We have centres of expertise as well that actually have experience in identifying the kinds of issues that officers should be looking at.

    There are a number of different factors that are taken into account, in addition to, of course, the work that the RCMP and the CBSA does with us and the information they provide.

    Unfortunately, again we're out of time.

    We'll go back to Monsieur Généreux, this time for a five-minute round.

    Thank you, Mr. Chair.

    My question is for the officials from the department and the RCMP.

    If I've understood correctly, the Auditor General presented findings. Did you expect these findings?

    Mr. Chair, no system is perfect and I think it would have been surprising to me if there hadn't been issues identified. That's the role of the Auditor General.

    As they say, every program always needs to look at itself in terms of ways to make improvements. Certainly, measures were put in place in 2012. There have been enhancements made to the program, so I wouldn't want to leave the impression there has been no system or no process in place.

    I think we have had some very effective measures. The question is, were they good enough? I think clearly the Auditor General has helped to identify the fact that we need to better and we need to do more, so we have taken that on board.

     I think the issue from the Auditor General's point of view that we have to take very seriously is how do we make sure that we continue to follow up on these things, that we deliver what we say that we are going to commit ourselves to and that we have a continuous process, and that it isn't the Auditor General only having to tell us where the gaps or weaknesses are, but that we actually have measures in place. That's where our quality assurance, quality control processes, are important and will be important, to make sure we are continuously learning how we can do better.

    We know that fraud can change. People come up with sophisticated means of finding ways to get around the system. We have to make sure that we keep on top of that and that we're always making our system responsive and sensitive to that.

    As far as sharing documents and how fast it's done, did you expect this report? My question is for the RCMP representatives.

     We are alive to the fact that the timing is critical. In fact, we're evolving as an operational organization, and it's a continuous requirement to review. With respect to the MOU, it was last signed in 2012, and there has been an evolution of our operational modus operandi, if you will. We agree that there is a need for the revision of that MOU now to reflect the current realities going forward.

    In terms of the criminal record checks, that was actually pointed out within the Auditor General's report as something that is working well. The issue in respect to that now is the timing. When it is best to commence that activity? Or is it best possibly to commence it twice, at the front end and the back end, in order to better meet the needs of the citizenship program?

     We have met since the report came out, and we welcome those recommendations, absolutely. We've met with our colleagues at IRCC, and we have a continuous dialogue going forward to meet our management action plan of determining the most effective times to do those checks. It's important to note that the checks themselves are point-in-time checks; it's what's in the system at that particular time. We do it once, but then there may be police interaction or charges laid subsequent to that before the citizenship application is processed.

     We have to find that most effective spot within the process, and we are working with our colleagues at IRCC. Because there are numbers of competing interests along that process flow to citizenship, we need to determine when is the exact best time to do that. We're getting very good guidance from our colleagues at IRCC.

    The Chair: Mr. Orr.

    If I may, I'll add that one of the issues that has reduced the risk to a certain degree on the criminal checks, which are going on well, is the processing times. Citizenship applications used to take two-and-a-half to three years to be processed. New applications are now being processed in less than a year, which means that when we do the criminal check, there's far less time for something to happen.

    I agree, it's an improvement. Do you think the delay is still too long?

    This is one of the things that we are in the process of considering. When is the best time to do that? We had been doing it early in the process, and we think it may be possible to do it a bit later. We're reluctant to do it twice in the process, because about 10% to 15% of people have to go and provide fingerprints, which is a fairly onerous imposition on these applicants. We would like to do it just once, but at a time when it's effective and at a time when we think we can manage the risk appropriately.

    Thank you very much, Mr. Orr, and thank you, Mr. Généreux, for your question.

    We'll go to Ms. Shanahan.

    Thank you to the witnesses for appearing this morning, because of course we're not here to prevent people from coming to our country. We would like to welcome people to Canada, yet for all the people who go through the proper procedures and are doing it legitimately, any time there is a case of fraud, or certainly a serious threat to our public security, that endangers the potential for other new Canadians to come here.

    I'm trying to get a grip on what the process is like. It sounds to me like it's largely organic. I'd like to understand that a little more. What does a typical application process look like? Is it one agent who is charged with processing the applicant from A to Z? There are problems associated with that; you can have a change of agent where they lose track. The types of stories we hear in our offices are about files being lost or documents being requested but not in a timely manner. That leads not just to frustration but to genuine hardship for people who are trying to come here.

     At the same time, I'm not at all an advocate of rushing application processes, so I'm even a little concerned that we went from 2.5 years to less than a year. I don't know if that's the kind of quality improvement we're looking for if people are getting through the cracks.

     I'd also like you to address the issue of fraudulent consultants. Maybe some of our security witnesses can deal with that.

    Mrs. Biguzs.

     Perhaps I can start and ask Mr. Orr to fill in the details.

    When individuals submit their paper applications, those are then sent to our case processing centre, located in Sydney, and the information is inputted into our global case management system. This is where we try to enhance the guidance and the instructions to staff on how to input information into the system, particularly around the issue of problem addresses, to try to make sure that we obviate any issues in how the addresses are entered. At that stage we can identify, through the system, if there may be multiple addresses. The system helps to facilitate whether, in fact, multiple addresses have already been identified at that particular address.

    As I say, the information is inputted into the global case management system. There is a process of risk triage. We have risk triage criteria that have been identified, which we worked on some time ago to triage cases, to identify which cases are more complex and not routine, where more issues may be flagged, for example, if a problem address has been identified....

    If it's a more straightforward case, then it can be referred back to the local office, and the local office then can go through the process. As you know, a knowledge test is administered, which an applicant has to pass in order to complete their application. There is also the language requirement. There is an in-depth interview that is also undertaken. In a straightforward case, the decision is then rendered.

    In a more complex case, as I say, it will go to a higher level decision-maker in the local office, where there would be a more in-depth program integrity review. If an issue has been identified with, for example, a problem address, potentially it is referred to what we call our case management branch. They have an expertise in following up on problem addresses.

    So it doesn't seem to be following a linear path but a circular path where the file is going from one person to another. Is there, at any step, an aggregating of the risk factors? Is there a systematic way of tracking? It's one thing to track an individual application; it's another thing to be recognizing where there is systematic risk.

    As I say, we certainly use risk triage criteria at the front end—and we're actually doing more work in looking at our risk indicators up front—to try to make sure that we can identify lower risk, more routine cases where there may be not issues versus complex cases, so they're are two kind of different pathways that an application may follow in terms of the process. Clearly, more complex cases where issues have been identified go through a more rigorous process.

    As I say, that's where we call on our case management branch where we may have to refer cases further to the RCMP, for example, or to CBSA. So as I say, there are two different pathways in the process.

    Mr. Orr, you may want to add to that.

    Very quickly, as we're already over time. So very quickly, Mr. Orr, if you're going to.

    There are just a couple of points on this. Keep in mind that this is a program where the acceptance rate is very high. It's about a 93% acceptance rate. We have about 2% who are refused for inadequate knowledge and language; about 1% for residency; and about 3.4% abandon or withdraw their application; and then there are a couple of hundred who are refused for criminality. That's sort of pretty average in terms of where it goes, but that might help to situate the program and how we process it.

    We'll now move back to the opposition and Mr. Poilievre. You have five minutes.

     In paragraph 7 of the Auditor General's presentation, it says, “We looked at 38 cases in which the RCMP should have shared information about charges with the Department, and we found that it had shared the information in only 2 cases.” It goes on, “We also found that after the criminal clearance check was completed, the Department had no systematic way to obtain information directly from police forces—other than the RCMP—on criminal charges against citizenship applicants.”

    I'll start with the second part of that quote. How hard is it to get records of criminal charges related to citizenship applicants from police forces?

     Mr. Chair, I can ask my colleagues at CBSA and the RCMP to respond further, but certainly as soon as we have an application and we enter the information into our global case management system, it is then referred to the agencies and we are able to receive criminal security clearances almost immediately.

    As I indicated, if in some cases a percentage of cases require fingerprinting, then that process does take somewhat longer before we can get a clearance, but perhaps my colleagues can respond further.

    With respect to that process, as Madam Biguzs mentioned, originally the checks come in to us through the government electronic messaging and document exchange service, which is a name-based application. Once we receive the name, date of birth, and some other biographical information, we filter that through two processes: the criminal name index, which is the criminal record check, if you will; and then the persons check through the CPIC system.

    If the name and date of birth and other biographical information meet a certain threshold through an algorithm that we have within the system.... If it's below that, it's a negative and we respond immediately that no information is available in our databases for this particular purpose.

    If it is above that threshold, then it's inconclusive. Then we need to go back to the applicant and ask them to send in a set of fingerprints, because we apply—with every criminal record that we have in our database, the criminal record itself is matched to a legally obtained set of fingerprints, obtained under section 2 of the Identification of Criminals Act. So we would know with certainty that the identity of the individual who is submitting the prints is married to that particular criminal record. As a result, we can provide a certified document that says these prints belong to these criminal charges and they belong to the person who submitted the prints. That does take a little longer.

    When we send back the initial response that said that prints were need, Immigration, Refugees and Citizenship Canada provides a letter to the individual instructing them to go to a police service or an authorized third-party agency to submit the prints to us. They have up to 30 days to do that or they need to acquire an extension from IRCC.

    In some cases, information is contained in the criminal record holdings that requires follow-up from the police services. The police services themselves provide that information to the system. It's their information. Sometimes we have to ask if this information is releasable, depending on what it is. It can take a little time, but essentially the process is that a name-based check is done first; then, depending on the information derived from that, a subsequent fingerprint check might be required; and then the conclusive results are sent back either to the individual, or if he signed a third-party waiver, directly to IRCC.

    How does it differ from a normal criminal background check that an employer or a non-profit organization would do on an applicant?

    It doesn't vary that much. It's a similar process. It's what we consider a civil check. We don't retain those prints either: once we have fulfilled the process itself, those prints are eliminated automatically.

    From the information we provide, IRCC has the opportunity through the CPIC system and CBSA to do a more fulsome review of that particular information. An employment check for a company doesn't give them that opportunity. We have the more fulsome ability to do that additional research through the CPIC system that our colleagues and partners have access to.

    We will now move to Mr. Arya, please, for five minutes.

    I'd like to continue what my colleague Mr. Poilievre was asking about. I'm really concerned after hearing about the weakness from the RCMP's Jamie Solesme that even now, after so many decades, the RCMP is still saying that they are going to look at IRCC's information requirements.

    She also mentioned that the complexity makes it difficult to share information, and said that the privacy laws, our charter of rights, and other things that make it difficult. She accepts that there are challenges.

    That leads me to conclude that there have been cases, and I don't know how many, in which criminals have got citizenship in Canada because of the lack of information sharing between the police forces and IRCC.

    Ms. Biguzs, are you sure that the RCMP knows all your requirements?

     Mr. Chair, we've been operating under an understanding with both of the security agencies. It has become apparent that there needs to be greater clarity and that we need to be more explicit in terms of our requirements and what our processes are for the exchange of information, and the authorities under which we can do so. The system we use, the global case management system, is a secure system.

    Regarding the global case management system, which you apparently think is so good, when it comes to CBSA, what the AG found was that they have not been very good in updating the GCMS. The response you have provided is that, given the necessity of protecting the integrity of ongoing investigations, blah, blah, blah, the agency will develop the process. There is no commitment from the CBSA to update your database system.

    Our commitment on the management action plan, both from my department and the agencies, is that we will have it in place by December. Work has already been taking place, but we will have finalized that in terms of the clarity by December.

    I'm sure you are clear that it will be done by December, but in their commitment they're saying, “subject to the necessity of protecting the integrity of ongoing investigations”, and things like that. They're not clearly committing that they will be able provide all of the information you need.

    Mr.—

    Maybe we can ask CBSA to explain that.

    Certainly, we can give you our commitment at the agency that we do want to respond, and we have accepted the Auditor General's Report, his observations, and his recommendations.

     We are committed to working with IRCC to bring about some clarity and some national consistency in terms of the information that is required and the processes that must be utilized. Much like my colleagues have answered previously, we have to do so within the construct of the legislation and the regulations under which we work.

    I only have one and a half minutes. If I can stop there, maybe Mr. Chair it would be good if the RCMP and CBSA could highlight or inform the committee through the clerk about the statutory limitations they have in sharing the information. Then we can look at what best can be done to work on those limitations.

     I don't know if the the AG's office could maybe conduct an audit of the people who have become new Canadian citizens during the last two or three years and find out whether some of them became citizens because of lack information sharing.

    I can provide a response for you there.

    In regards to the different legislation, perhaps the word “limitation” is not the best. It should be the word “guide”. They guide the agencies in how we .as agencies are compelled to protect the information we have within our inventories, databases, and what have you.

     When that information is shared, there are parameters that are there. Those parameters that are in legislation, such as the Privacy Act—

    None of those should stop IRCC from getting the information and preventing some undesirables from obtaining Canadian citizenship. That is the primary thing I'm—

    What I will say about the Privacy Act is that there are provisions in there to share information when there is a case that's going affect national security.

    I know that the chair usually interjects at the end of the time, but I think, in relation to what Mr. Arya is saying, that we understand there is always a risk when we share information. We get that. We also know that it can hurt an ongoing investigation. Are there real cases or evidence where, by sharing information, an ongoing investigation has been hampered, hindered, or not even taken place?

    Within the context of the files that were examined here—

    Yes.

    —I'm not aware that happened.

    No, but in any files.

    I wouldn't be at liberty to speak to all files in regard to that.

    No, but is there an example, is there a case where information sharing has hurt an ongoing investigation? It's always, “Well, we don't share information because there's a high risk of hurting the criminal investigation”. Has that happened?

    In an organized crime file, it likely does happen. For those complex investigations where you have a number of different people who are being investigated, if you share in one forum you're going to compromise investigations in another.

    The job of any enforcement agency is to ensure that they're fulfilling their obligated duties within the legislation that guides us, or that we're compelled by. If there are issues, there is deconfliction that can result in that to decide what the best course of action is for the best result at the end, which would be to protect the security and safety of Canada.

    We'll now move to Mr. Christopherson.

    I enjoyed that line of questioning. It was very good. Thank you.

    I want to start by throwing something positive out just so it's not all bad, even though it seems to be mostly that way. We'll go through the action plan in detail. I was particularly pleased with Mr. Arya's, analysis of one of the commitments, which wasn't nearly as strong as he and I believe it should be.

     The action plan, which unfortunately the public doesn't have before it, states the recommendation, the response from the department, the nature of the plan, the responsible office, and then the target dates. I must say that I was pleased to see that quite a bit of this work was done. None of these deadlines, at least at first blush, seems way off in the future—you don't get the sense that somebody is running you around the block here. Most of them are in September of this year, and a good number are for March of next year. I was trying to find something positive and that's what I could come up with. If that's as good as it gets, take it.

    Now, back to the part where this is the public court of accountability. I am not going to let go on trying to find out how some of this stuff happened. It's dealing with information, maybe not data per se, but certainly information.

    The Auditor General pointed out:

    The OAG contends that because of these changes “significantly fewer applications were flagged as higher risk and given more in-depth assessment” .

    So from a practical point of view, you made changes to the process about potential fraud and risk, but you didn't do any analysis to determine whether or not those changes would actually do any good. Help me understand how we can get to that point in a department where you make changes based on risk. Risk doesn't always turn on the big questions. Sometimes little details are just as important to keeping Canadians safe as multi-billion-dollar arms packages. I'd like to know how it is that you make changes to risk assessments with no evaluation. How can that be?

    In terms of any of the changes that have been made, I think the Auditor General has pointed out the extent to which the documentation on the files has perhaps not described all of this. But any of the changes that have taken place, in terms of risk indicators and risk criteria, are based on the input by and the work done by our own officers, together with input we received from CBSA, the RCMP, and also from our judges, who are on the front lines and who do residence hearings, based on what they have observed and identified, in terms of the kinds of issues that have arisen.

    The changes that have been made to the system were based on that kind process where there has been input from those closest to these matters. Whether or not we have document that, clearly is a gap that has not yet been filled. That is the work we doing in updating our risk indicators. We're evaluating them and putting in place a more rigorously documented process.

    That was incredibly defensive and didn't answer my question.

    Thank you, Chair.

     We'll now move back to Mr. Harvey.

    First of all, I'd like to thank you all for coming. I do have the utmost respect for what each and every one of you do. I thank you very much for sharing your time with us here today.

    I want to touch a little bit on Mr. Arya's comments and Mr. Poilievre's comments, and I guess Mr. Christopherson's comments too, in terms of information sharing. My comments are going to be brief.

    I also look at paragraphs 7 and 8 of the text of the Auditor General's comments, which Mr. Poilievre referenced, which indicate that in 38 cases, information was only shared in two of them, and on a subject on which it should have been possible to share information on some level. From an outside perspective, it should have been possible to share that information.

    I think sometimes when we talk about the sharing of information, it can be as simple as the not sharing of information. It's about identifying among departments and organizations the information there that's pertinent to a case, but it can't be released at any one time; and it's about making sure that each department is aware that this information is there, and that the department in question would like to release it cannot do so. There needs to be some collaboration among departments in recognition of what each department's trying to do to facilitate the common goal, which is to keep Canadians safe, and to ensure that the people who want to become citizens of this country have the ability to become citizens, while at the same time protecting the citizens who are already here.

    I think it's the same in paragraph 8,. The agency only shared information with the department in 11 of 38 cases. Well, it's as simple as indicating that there is pertinent information that cannot be released at any one given time, but that when it's pertinent, when it's able to be released, it will be released; that there is relevant information there that will affect a case and definitely change the direction of somebody's citizenship case.

    I was wondering if you would comment on that, Jamie, as to whether you think that's relevant. Do you think that's something that's possible? Do you think that departments do a better job of collaboratively working together? When I look at the five points that were brought up in the opening comments of Ms. Biguzs, I noticed that it's not something that was identified. There's not a clear definition of how we're going to move forward with information sharing among not only departments, but government agencies as well.

    Then I have a brief question for Mr. Orr after.

    Mr. Chair, again on the information sharing, can we do it better? Absolutely.

    I think it's important to understand, too, with investigations at what point somebody is charged. You have to understand the way the processes work within those cases. Somebody has had a criminal records check and they're negative. Then the person engages in criminal activity and is charged, whether by the RCMP or another police force within Canada. There's an ongoing investigation, which may or may not be complete by the time the person goes to citizenship. The person can stay in a charged stage for a while, until they go to court obviously, or are convicted or dismissed, or whatever the results may be. Within this we are still compelled by the various legislation.

    Now, I know there's concern about when information is shared. I bring you back to my comment with respect to there being two issues: whether we know and we haven't shared information, or we don't know so that we can't share. It's unfair to expect that law enforcement is going to target anybody of a different nationality. It goes against our policy framework on unbiased policing. It goes against the human charter of rights if we ask everybody what their status is. So you have to understand that as well. If we were doing that, we'd be audited for doing what we shouldn't be doing. You have to look at that perspective. Yes, we are trying to ensure the safety of Canadians, but we have to do it within the parameters that we're given.

    If we are aware that a person is an applicant, whether they've told us or because we know through another means, or there's a discussion with IRCC, and we know we have information that we need to share, there is a process in place to do that. Even if we can't share, there's a conversation that can take place.

    I think the issue, and what the committee, with all due respect, is looking for, is assurances that every effort will be made to share that information. We accept the recommendation within the action plan, and work is ongoing within that memorandum of understanding with IRCC. Those concerns, I think, you will find addressed when that MOU is clarified and specifically states what's required, when it's required, and how it will happen.

    At present the MOU doesn't reflect that. It reflects that sharing will take place, but it leaves it open-ended and probably the misconception that it's just a free flow of information. I think all things have to be taken into consideration with regard to that.

     Be very quick, please.

    I totally respect your comments.

    I am not going to get to Mr. Orr, and I apologize for that.

    I guess all I was trying to say was that, if somebody files an application for citizenship within the country, regardless of nationality—I wasn't bringing nationality into it; I don't even know why we went down that road—and gets flagged for criminal charges for doing something after that, then, in my mind, I believe that at that point there should be a common sharing system. If somebody has filed a citizenship application and is brought up on charges and put into a database, it should be automatically flagged. It should show up that this person has filed a citizenship application. At that time, a flag should go up to Citizenship that there are charges pending against that person or an ongoing investigation, not necessarily indicating that the information can be shared at that time, but letting Citizenship and Immigration know that there are charges pending and that this file does not move forward until such time as there is a resolution to the pending charges. That is what I am trying to say.

    Is there anything like that now?

    When somebody is charged or entered into the CPIC system, the issue is that we will not necessarily know what that person's status is. If we have a question, we could refer the case to IRCC and perhaps identify the person, but....

    All I am saying is that regardless of what exists today, this should be something we are moving towards, a system that is fully integrated and that allows the departments to cross-collaborate, so that if somebody has a citizenship application that is pending, it is noted in Citizenship and Immigration that there are charges pending, whether it is from the CBSA, the RCMP, or a different law-enforcement agency.

    Thank you very much, Mr. Harvey.

    We will now move back to Mr. Généreux, for five minutes.

    Thank you, Mr. Chair.

    This time, my question is for Mr. Ferguson.

    Your report contains your findings about fraudulent or potentially fraudulent documents, what are called “suspicious documents”. I'd like to know whether you detected a real danger or a significant risk related to this issue in terms of what is currently going on.

    This risk is generally defined by the department. Some people are trying to obtain Canadian citizenship fraudulently by using suspicious documents or by altering them. We found that the documents are not handled uniformly. They are seized in some regions, but not in others.

    We identified the problems because it's a risk that is defined by the department. It is very important that the department find a way to solve the problem and handle these documents in a uniform way.

    By the way, I would like to congratulate you on your French. I am very happy to hear you today, especially after the criticism about your appointment. You have made a lot of progress, and it's to your credit.

    Ms. Biguzs, continuing with the issue of documents, is there a difference between seizing and keeping potentially fraudulent documents used by people who want to enter Canada? Can you give us any examples?

    Mr. Chair, perhaps I will start by saying that the issue we identified is the fact that we don't have the authority, under the citizenship legislation, to seize a document. If someone has provided, for example, what appears to be a fraudulent or suspicious identity document.... It might be a passport that looks like it has been altered in some way....

    Excuse me for interrupting you, Ms. Biguzs. You said that you don't have the authority to seize these documents when people meet with your officers. Is that right?

    Yes, that's right.

     Under the citizenship legislation, our officers currently do not have the authority to seize a suspicious document. Bill C-6, which is before Parliament, actually includes that authority now. If that were to be approved, then our officers could do so.

    Under the immigration legislation, officers have the authority, or under Canada Border Services under the immigration legislation, we can seize documents, but if a citizenship officer suspects that a document has been altered or is fraudulent, they can't actually take control of the document. That has led to inconsistencies in terms of our citizenship officers and what to do in those kinds of cases when they suspect that a document actually has been altered. We have updated our guidance to officers, and now, if an officer suspects there is a problem with a document, there are procedures. They can actually go to a CBSA officer or to an immigration officer in the same office. Basically, if it is an immigration document, then in fact the authority under the immigration legislation can be used to seize the document.

    In the absence of an immigration-type concern, in fact, what we have now done to make sure there's consistency across the regions is that we have given guidance to our officers. Basically, they can in fact look at the document, and if they suspect there is an issue with the document, they can ask a client whether we could take control of the document.

     If a client refuses, the procedures require that official copies be made of the document. We make official photocopies of the document. We alert our case management branch that is responsible for following up on issues of this nature. We put a red flag in our system, and we do not continue processing that particular applicant for citizenship until we have actually been able to verify that in fact there is no issue with respect to an identity document or a travel document that has been submitted.

    As I say, we're hoping that if the legislation is passed this clarity of the authority for citizenship officers will be in place. Otherwise, we have other procedures that we've tried to put in place to address that concern.

    What tools do the officers have to detect potentially fraudulent documents? Do they have any particular tools for that?

    Officers have been given training on these kinds of things. They actually are trained to look at original documents against sample documents. Officers have access to a fully computerized image retrieval system of travel documents from around the world. They can look at a document that an applicant has put in front of them and verify it against this. I haven't seen it myself, but apparently it's a very sophisticated and advanced system, and against it, you can verify travel documents from around the world.

    Officers also have access now to the lost, stolen, or fraudulent document database. We have given them guidance as well in terms of what to look for in terms of the quality and the colour of a document in comparing them against sample genuine documents. We've also encouraged our officers as part of our guidance to question any differences and to look at the photograph very carefully to compare the person they're interviewing against the photograph. They will ask for secondary documents if they are not satisfied with the documents they have in front of them.

    We have put all of this more systematically into our program delivery instructions to our officers in terms of what to look for, but it is part of the ongoing training for staff and, as I say, it is part of our enhanced guidance and procedures.

    Our time is up. We'll now move back to Mr. Lefebvre, please.

    Thank you, Mr. Chair.

    Mr. Ferguson, in your report at paragraph 2.24, you say:

    For five years prior to this, there were no thoughts that any of the documents that had been presented to that office had been reported as potentially fraudulent. Is that correct?

    That's correct. In paragraph 2.24 what we're doing is pointing out the inconsistency in the practices in the various regions.

    My question is as follows. There are a lot of consultants who make a lot of money with respect to immigrants in helping them out with their citizenship applications. Can these consultants pick which offices they would go to to file these applications?

     That would be the way that individual applications are assigned to officers, and I would defer to the department to answer that question.

    But if you're saying that in one region none of the officers detected anything that was fraudulent for a number of years, my question is, again, can a consultant say that they want to try to direct their clients to go to Kingston all the time because they know that maybe the checks and balances in that one are not as strong as the office in Kitchener?

    Again, what we say is that in that region there were no documents seized that were suspected to be fraudulent. They may have identified that possibly there was a problem with a document, but they weren't seizing them.

    In terms of whether somebody can choose which citizenship office to go to, again I think the department would be in a better position to explain how those files are assigned to citizenship officers.

    Very quickly, Ms. Biguzs, can you explain?

    Mr. Chair, as I noted in my previous answer, and as the Auditor General has stressed, although the region didn't seize the documents, it doesn't mean to say that the officers didn't go through the full process. In fact, if they suspected there were an issue with the document, it meant that they probably went through a much more extensive program integrity interview and asked for secondary documents.

    I think the distinction here is that they didn't have the authority to seize the documents, so we've tried to clarify in our guidance what the procedure should be across the country with applications.

    Yes, perfect. I respect that and I understand that.

    Turning now to my second point, though, can a consultant or anybody pick an office and say, I will try to get my file reviewed by that office?

    The application is considered in the local office where the residence of the applicant is.

    So basically, if my address is in Kingston, I have to go to that office.

    All of the applications are input in Sydney, but as I say—

    I'm sorry?

    All of the applications are input into our system in Sydney, but in terms of the actual receipt of the applications and the interviews, that could be done in Toronto if that's where the individual is resident, or it could be in Vancouver if that's where the applicant is resident. It depends on where the applicant resides.

    Just very quickly after that, though, in your response to the recommendation with respect to the problem with the addresses, the department says:

    Is this a one-time verification or is it going to be continuous? I ask because in response to a lot of these recommendations, your response is that you will do this and I want to make sure that this is continually being monitored on a year-to-year basis, or even maybe shorter timeframes than that.

    Yes, Mr. Chair, the proof is in the pudding, and that is why the program integrity framework that we have now completed and put in place includes very robust quality assurance and quality control processes. As I say, these include following up three times a year on these kinds of things to make sure that in fact the practices are taking place, or, if there continue to be issues, that we're changing our guidance to officers on how to do this. I think the only way we can improve is by making that sure we have a continuous feedback loop.

    We also intend to do random targeting, by randomly going in to assess whether in fact we're getting at the issues that have been identified.

    Mr. Christopherson.

    All I want to do is to follow up on Mr. Lefebvre's excellent questions—and it's not a gotcha. I thought it was a very good question when the Auditor General had pointed out that things were happening to varying degrees. The very legitimate question was, with some of these high-paid consultants—notwithstanding that there is a main entry point, which I think you said was in Sydney—whether there is any way they could manoeuver or game the system to have a particular application end up in a region where they happen to know that things aren't quite as stringent as they might be in other areas. The answer was that it depends on where the applicant resides.

    The only thing I want to do is just to nail down 100% that there is no other option, once it goes in at Sydney, and that where you reside is the region it goes in and there is no ability on the part of a high-paid consultant to game that system and have that application end up somewhere else where they have reason to believe their client would get a less thorough scrutiny.

    Mr. Orr.

     That is essentially the case.

    All applications will go through the Sydney office and the risk triage there. There's no influence. Everyone goes through the same process there, and then it will go out to the office where the applicant lives. Regardless of a request to go to one place or another, it goes to where the applicant lives.

    And it can't be moved.

    Well, if the applicant moves, then we might do it.

    The reason for that is they must do the knowledge test and the interview. Thus, it is important to have the file where the person is, so we can do that.

    It's also perhaps worth pointing out that Bill C-24 did ensure that all consultants must be in good standing with the regulatory body as well. That was a change that happened in 2015, which did perhaps reduce some of the risk in that area.

    In Hamilton Centre, I deal with a lot of these kinds of things and will be more satisfied when the AG has a chance to go in there and find out how well that's working.

    I hear what you're saying, but again it is a very legitimate concern that my colleague Mr. Lefebvre raised. You believe there's no need to be concerned about that and you don't sense that there's any way the system could be gamed as a result of what the Auditor General identified. Is that correct?

    That is correct.

    Very good. Thank you. I just wanted to clarify that.

    Thank you, Mr. Lefebvre, for an excellent train of questions.

    We'll go back to Mr. Généreux, please.

    Thank you, Mr. Chair.

    Ms. Biguzs, I asked you a question earlier about seizing or keeping potentially suspicious or fraudulent documents. I asked you what tools the staff had for that. You told me that it was something you had never seen. Were you talking about a program you have never been able to see in action?

    As I say, there are multiple tools, Mr. Chair. The reference that I made in particular was to an advanced computerized image retrieval system—I think it's called Edison. It's an electronic system of travel documents from around the world. Officers can actually verify a document in front of them against the information in Edison. I haven't seen the system myself. It's apparently a very accurate system that can actually verify against—

    You've never seen it?

    I haven't actually had the opportunity, but certainly, Mr. Chair, Mr. Orr has.

    I presume Mr. Orr could perhaps describe this system exactly. I want to make sure I know what the tool in question involves.

    I think this is an international tool that Canada has access to. What it basically does is outline the security features of passports of most countries of the world, so that if you have a document in front of you, you know that you can look at this particular feature to see whether it's correctly done or not. It's very useful in that respect, when you're not sure whether the document you have is genuine or not. But it's not a magic bullet. All of these things, all of these tools, have to be used in combination to determine if a document is fraudulent or not.

    Right. So there are many tools, not just one.

    That's right.

    Okay.

    Ms. Biguzs, earlier when I spoke to you about seizing and keeping documents, you told me that your officers could not seize documents, but that Immigration Canada and RCMP officers could.

    Does that mean that these officers all have their offices in the same place? Do officers from different organizations work together in all the offices, across Canada?

    I'll ask Mr. Orr to respond in detail, but often we are in close proximity to access CBSA or RCMP officers. As I say, if the suspect document is an immigration-type document that's been used for immigration purposes to Canada, then the legal authority would exist under the Immigration and Refugee Protection Act to seize the document. That's where we would call on our CBSA officer, or one of our own immigration officers—not our citizenship staff, but our immigration officer—to actually then exercise their authority under that legislation to seize that document.

    Perhaps you can provide details on that.

    As the deputy outlined, we don't have authority under the Citizenship Act to seize a document, but we may well under the Immigration and Refugee Protection Act. If there is something we can link to immigration—and that's often the case—then we may be able to seize the document under that authority.

    It may be done by one of our immigration officers, and within our department the immigration officers and citizenship generally are co-located. However, if it needs to go to CBSA, in some instances we're co-located, but more often than not, we're not.

    What percentage of offices in Canada are shared by the two organizations?

     Within our immigration and citizenship department—and I'm just guessing here—it's close to 100%. Within CBSA it's rather a different number, and I don't know what that number would be.

    Does this sharing, the presence of Immigration Canada officials and the fact that they can seize potentially fraudulent documents held by other people reduce the fraud risk?

    I think we have to distinguish between the risk of fraud and seizing documents, which is just one small component—

    I'll give you the opportunity to provide more detail.

    The issue that the Auditor General quite rightly identified was not seizing documents on a consistent basis. Having that ability within the immigration office at present, yes, would reduce risk in that particular area. Whether or not they are separate in terms of identifying fraud, I don't think it has an impact, because there are so many different elements that we look at in detecting fraud, which we do on a regular basis, that having it in immigration does not have an impact there.

    We'll now move to Ms. Zahid.

    Ms. Biguzs, you touched briefly on Bill C-6, which gives officials new powers to seize documents that they suspect may be fraudulent. It is unusual that this provision was more explicit before. Can you please discuss in a little bit more detail how these new powers will help combat fraud in the citizenship program?

    Mr. Chair, the provision in the legislation basically provides a new authority that was not there previously to allow a citizenship officer, if they suspect a document that has been presented in front of them, to validate or help to substantiate their application for citizenship to Canada. If they believe there are reasonable grounds to believe that the document has been improperly obtained, improperly used, or is fraudulent, it allows the officer, under the minister's authority, to seize the document. That can include a passport, if it's deemed to be suspect or problematic, an identity document, or documentation providing evidence of residence in Canada.

    This will now provide the authority to an officer to be able to seize those documents for further investigation. It doesn't necessarily mean to say that the individual has committed fraud, but it allows the documents to be held and to be investigated further to determine indeed whether or not in fact a fraud has been committed.

    Further to this inconsistent and not accurate data, you mentioned that you have asked the officers to adopt the Canada Post way of posting. Do you think this entails the implementation of a uniform method of data entry to prevent discrepancies in the address? If not, will you be taking any other specific measures to make sure that you have consistent and accurate data entered?

    Certainly in terms of the guidance and the instructions we've sent out to staff, we've been very clear that before entering a new address, number one, make sure there isn't already another address entered into the system. See if another address already exists so that we're not entering multiple addresses, and do verifications of that. The instructions are very clear in that regard.

    As well, when they enter a new address, they have to use the Canada Post guidelines. We'll be following up on that to make sure the procedures are being followed so that it's consistent in terms of how we actually capture whether it's an apartment at the beginning or at the end. It will be standardized across the system.

    How will it be made sure that this is followed?

    As part of our quality assurance and quality control processes, those are the kinds of things we will be following up on, to make sure that we are addressing the problems that have been identified in terms of the way addresses are being entered into the system.

    I'll share my time with Ms. Shanahan.

    Go ahead, Ms. Shanahan.

    I'm glad to continue on that because, when we're talking about a data entry problem, it just seems incredible in this day and age that we would be there.

    You mentioned that the officers are trained, and that they're offered guidance, but where is the performance measurement to make sure that indeed the guidelines are being followed and this is being properly executed? We're talking about paper applications. We're talking about a very subjective manner of dealing with hard data.

     Mr. Chair, in addition to the enhanced or improved guidance and operational instructions that we've sent out to the field, we do have regular working group meetings with our citizenship staff, and we have monthly conference calls to try to reinforce the procedures. Again, I think the only way we can actually validate that these kinds of measures are in fact being followed is by quality assurance and quality control. It is incumbent upon us to ensure that. We have a separate program integrity division that will help us in doing that kind of quality control, to go into the system, to validate, and to do some random targeting. As I said, it will also help us in terms of specific regular exercises to make sure that these kinds of issues are being addressed.

    Thank you for referring to the quality assurance framework, because that's a finding of the Auditor General's in paragraphs 2.48 to 2.53 around the risk indicators and how they were originally defined. They were insufficiently defined. There wasn't enough evidence. Human error, I would think, would be a big one there. It's not deliberate, but it can lead to a fraudulent application ultimately being processed.

    Please talk about how you have improved your risk indicators.

    We do have a process that will document the risk indicators. As I said, this involves using evidence based on assessing cases that have been refused, and looking at and going into the cases. As has been pointed out, we analyze the cases in terms of the kinds of issues that were identified through that process, as well through feedback from our own staff, in terms of where we know interviews have taken place, where issues have been identified, and input that we receive from CBSA and the RCMP.

    We will actually substantiate our risk indicators based on that kind of evidence and document it. The intention is that we will be evaluating and re-evaluating the risk indicators on a much more regular basis, but also documenting them, and then establishing a baseline.

    Another issue that was identified was that we don't actually have a baseline to compare how we're doing. In fact, part of the program integrity framework is to establish a baseline, and then monitor against that baseline in each and every subsequent period, to assess how we're doing and whether we have improved. Are the trends getting better or worse? Where have our own practices improved or where do there continue to be gaps?

    Thank you. We look forward to seeing the follow-up on those measures.

    All right, Mr. Arya, I'll let you in here. We're getting close. It's going to be about a minute.

    Thank you, Chair. I'll make it very quick.

    This question is for the RCMP. You mentioned that the revisions in the management action plan, under the heading “Management Implementation Actions”, will reflect upon IRCC's information requirements for delivering its programs, as well as what is feasible and practical for the RCMP to provide. It appears that it is possible that the RCMP may not be able to provide all the information the IRCC needs all the time because you may think that is not feasible or practical. Could you kindly answer that question with a yes or no?

    That's correct.

     Thank you. I think we're pretty well done.

    I do have a couple of questions. First of all, Ms. Shanahan asked a question that dealt with data management, data entry, and problems. This is an area of concern that our entire committee had, not not just with regard to this department but to every department. I had better be careful here. In many departments, we have heard of data problems with the collection, maintenance, and sharing of data, and with compromised data or data that is just wrong. You did talk about quality control and a quality control framework. Thank you for doing that, because I have a feeling that when we have to draw up a report, we certainly will be talking about data control. You may expect us to ask that question about the quality control framework that you're going to put in place and the measures you have to make certain it is functioning properly.

    I want to go back to a question that was asked fairly early on. The Auditor General, in exhibit 2.4, gives us a table that explains a problem with inconsistent identification of multiple applicants using the same address. In his report, he mentioned about 50 individuals who were using the same address. In response to the earlier question, you gave a reasonable answer in saying that when refugees come in, they typically use temporary housing and that many times the temporary housing is the same from one refugee to the next. We went back and looked at what the Auditor General said: “We found that officials working in local offices regularly identified problem addresses...”. In other words, they recognized those as problem addresses. It wouldn't be a problem address if they knew if was temporary housing for a refugee, but they recognized it as a problem address. The Auditor General continued, that “they forwarded them to the department headquarters. However, we also found examples where many applicants used the same address over several years although none of the citizenship officers who processed their application noticed.” They didn't notice it. They missed it. For example, one address was used by at least 50 different applicants during overlapping time periods between 2008 and 2015. Among these applicants, seven became Canadian citizens. The Auditor General then said, “This address was eventually discovered in 2015 during a residency fraud investigation...”.

    Are you telling me that some of temporary residences we use for refugees coming in have been found to be used fraudulently? We keep using these addresses. We keep using these homes, and it's been discovered during a residency fraud investigation by the Canada Border Services Agency and added to the department's list of problem addresses. Can you give me a bit more information?

    Mr. Ferguson, are you satisfied with the answer we got to the effect, well, you know, there are different reasons and one of the reasons is that it's a temporary address for refugees?

    I'll then go back to Ms. Biguzs.

    I think there are a couple of components to it. The first one would be that the issue was about, as you so rightly just identified, problem addresses. The fact an address is used by multiple people may not be a problem, but in these cases we were dealing with addresses that had been identified as problem addresses, and more work should have been done.

    There are also cases where an address is used by multiple applicants. In that case, it should be noticed and a question should be asked, and maybe the address is okay. I think that just because an address is used by multiple people, and it's known to the department that it's used by multiple people because they're refugees or whatever, then that address for that reason should not end up on the list of problem addresses.

    What we were concerned about was when an address ends up on a list of problem addresses, then how is the department managing that, how are the officers treating that, and are they doing all of the steps they should be doing when the department has already identified the address as problematic?

     It sounds as if even after being identified as a problem address, other officials for some reason didn't recognize it as a problem address.

    That was the point we were making. Either it was identified by the department as a problem address, but didn't end in the system flagged as a problem, or it did end up in the system flagged as a problem address when that person made their application and the system identified it as a problem, and the citizenship officer didn't take any additional steps to investigate the fact that the person had provided that particular address.

    Certainly for us it wasn't an issue about multiple people using the address; it was when those addresses were identified as problem addresses. Then the types of things you're talking about weren't done, when we felt that the citizenship officer should have been doing them, making sure that the information was properly captured in the system, and that once it was properly captured, making sure that the follow-up procedures were done.

    All right. Thank you very much.

    This concludes our very interesting meeting today. I think we all learned a lot. As I stated, in the future we'll be drawing up a report with recommendations. You may be required at a future date to provide us more information or to come back before our committee.

    I would also give you and Auditor General the opportunity, if you leave this meeting and feel you didn't explain something quite the way you wanted, to send in more testimony or to follow up with our clerk. If that's the case, we would encourage you to do so.

    We always check for such additional information when considering a report of ours. If there are other areas of concern that you had coming out of this meeting, we would also love to hear from you on that. We can then follow up on it in our report.

    This committee is the follow-up to making certain that departments carry through on their pledges in response to the Auditor General's reports, and we take that very seriously.

    We thank you for being here today, and we now adjourn this meeting.