Part 3: Preventing immigration identity fraud

Department of Labour: Management of immigration identity fraud.

3.1
In this Part, we outline our expectations for the prevention of immigration identity fraud, and present our findings on how the Department:

  • is organised to prevent immigration identity fraud;
  • identifies immigration identity fraud risks;
  • plans to manage those risks;
  • is staffed to prevent immigration identity fraud;
  • supports prevention through systems, processes, and procedures;
  • works with external stakeholders in preventing immigration identity fraud; and
  • evaluates its prevention of immigration identity fraud.

Our expectations

3.2
We expected the Department to have:

  • assessed the risks of identity fraud thoroughly and regularly;
  • established a clear and comprehensive strategy to address identity fraud;
  • identified clear staff roles and responsibilities for the prevention of identity fraud;
  • set up systems, processes, and procedures designed to assist staff with the prevention of identity fraud;
  • established effective strategic relationships with all relevant external agencies with responsibilities for preventing identity fraud; and
  • evaluated the effectiveness of its activities to prevent identity fraud.

Arrangements for preventing immigration identity fraud

3.3
The Department is organised to prevent immigration identity fraud throughout a range of groups, units, and branches within the Workforce Group.

3.4
In relation to the selection process for skilled migrants, the Department has stated that prevention is defined and guided by policies and legislation, application procedures, deterrent prosecutions, staff training, and international liaison and relationship building. In relation to the selection process for UN-quota refugees, the Department noted that prevention is considered when making decisions about the composition of the annual quota, and through the co-ordination of refugee resettlement.

Identifying identity fraud risks

Our findings

3.5
The Department has identified and assessed generic immigration fraud risks at a strategic level, and some identity fraud risks within other entry categories at an operational level. However, risks specific to immigration identity fraud in the skilled migrant or UN-quota refugee categories have not been identified or assessed by the Department.

Strategic risks

3.6
At a strategic level, the Department has identified immigration fraud (including immigration identity fraud) as a generic risk.

3.7
At a strategic level, the Department has identified the generic risks of what it refers to as “keeping bad people out” and “client1 fraud” (which it described as the effects of criminal activity that threatens law and order). However, these are broad risks, and are not specific to immigration identity fraud or specific entry categories.

3.8
The risk of not “keeping bad people out” was also identified as a strategic risk in the Workforce Group’s internal planning documents, and the risk of “client fraud” was previously identified as a strategic risk in the Workforce Group’s Strategic Risk Register 2005/06.

3.9
The Department’s Strategic Risk Paper, prepared by the Border Security Group in February 2006, also identifies a number of risks to New Zealand from the movement of people globally, and fraud and forgery risks at a regional- and country-specific level. The paper notes that increasingly high quality counterfeit passports are available to people seeking to get through the New Zealand border, and this poses a major challenge for immigration processing.

Operational risks

3.10
At an operational level, the Department has identified risks specific to immigration identity fraud committed by those claiming asylum at the New Zealand border. These are recorded within operational risk registers. The Department has not assessed operational risks specific to immigration identity fraud in the other entry categories, including the skilled migrant and UN-quota refugee categories.

Client risk methodology

3.11
The Department has recognised that its business practice surrounding the assessment of client risk and value2 is inadequate. The Department introduced the client risk methodology in 2006 to consolidate a best practice approach for the assessment of client risk and value.

3.12
The client risk methodology aims to build the assessment of an applicant’s risk and value into the visa and permit application process. The methodology identifies and measures four risk and value categories – identity, character, employability, and settlement.

3.13
The four risk and value categories are based on the Workforce Group’s immigration objectives of providing a skilled and productive workforce.

3.14
The Department has indicated that it has yet to start work on linking the client risk methodology with UN-quota refugees, and the value of applying the four current risk and value categories to UN-quota refugees will need further assessment.

3.15
The ability to identify and assess accurately and regularly the specific risks of immigration identity fraud would enable the Department to better understand, quantify, and assess the size and scale of the risk of immigration identity fraud within the skilled migrant and UN-quota refugee entry categories. It would also assist the Department to focus its identity fraud detection and investigation priorities and initiatives on the active management of those risks within the two entry categories.

3.16
The Department needs to regularly identify the immigration identity risks specific to the skilled migrant and UN-quota refugee entry categories. This identification should be based on relevant strategic and operational information and intelligence from detection and investigation activities throughout the Department.

Recommendation 1
We recommend that the Department of Labour regularly identify immigration identity risks specific to the skilled migrant and UN-quota refugee entry categories.

Strategies to manage identity fraud risks

Our findings

3.17
In July 2006, the Department prepared a Draft Identity Management Strategy (the Draft Strategy) to address identity management throughout all the Department’s programmes, including the skilled migrant and UN-quota refugee categories. The Department is also carrying out a number of other related identity management initiatives.

Draft Identity Management Strategy

3.18
The purpose of the Draft Strategy is to manage customer identity, support service delivery, and enhance the management of identity fraud. Its objectives include combating identity fraud throughout all of the Department’s programmes in a consistent and effective manner, and supporting other agencies involved in managing identity fraud activity.

3.19
The Department has indicated that the Draft Strategy and its underlying principles of identity authentication and verification3 are informing the development of the Immigration Business Transformation.

The Department’s Immigration Business Transformation

3.20
The proposed Immigration Business Transformation for the delivery of immigration services within the Department is part of the programme of change for immigration. The Department has indicated that the Draft Strategy is part of the Immigration Business Transformation’s ”Implement Identity Management” project, which is due to start in January 2009.

3.21
The Immigration Business Transformation includes a single computer system, improvements in staff capability, improved support for staff, improved measures (such as enhanced marketing, better customer service, and improved timeliness and responsiveness of settlement services) to get the migrants that New Zealand needs and the continuation of both on- and off-shore decision-making.

3.22
Managing identity is proposed as part of the Immigration Business Transformation, through improved information collection and the use of biometric technology and client profiling. A business case prepared by the Department for the Immigration Business Transformation will be considered shortly by the Government. The Department has indicated that, once Government investment decisions are made, design and implementation will begin immediately and be rolled out progressively over the next 1-5 years.

Other identity management initiatives

3.23
The Department is also either carrying out or proposing to carry out a number of other identity management initiatives, including:

  • an identity management pilot scheme in the Refugee Division to test the Draft Strategy concepts and biometrics, that includes:
    • the collection of biometric information by refugee – efugee quota immigration officers on selection missions;
    • on-shore verification of refugee identity against a central – al database of all claimants for resettlement and biometric alerts; and
    • taking fingerprints, and using facial recognition and matching techniques;
  • an Identity Review of Refugees of Risk project, which will examine people of risk in the refugee stream where their identity is questionable; and
  • a Pacific Region Immigration Identity project, which will use a regional approach to detect, measure, investigate, and prevent the use of identity fraud at the border.

Staff roles and responsibilities

Our findings

3.24
The Department has a range of staff roles with responsibilities for fraud prevention across groups, units, and branches within the Workforce Group.

3.25
There are officers based in two overseas airports, regional liaison officer positions in the Pacific, and airline liaison officers – who act to prevent fraud by working with airlines and counterparts from other countries.

3.26
There are risk analysts in three overseas Immigration New Zealand branch offices – Bangkok, Beijing, and New Delhi. Their role is to enhance the management of risk through improved risk profiles that can be used throughout the Department, information and intelligence gathering, and building relationships with other immigration services.

3.27
There is also a staff member who co-ordinates the settlement of UN-quota refugees in New Zealand. This role is to communicate and consult with the refugee community on issues relating to the annual composition of the UN-quota and relevant immigration policy issues.

Prevention support systems, processes, and procedures

Our findings

3.28
The Department has tools in place within its mainstream systems, processes, and procedures for relevant staff to support the prevention of identity fraud. The Department also has access to external systems to support staff in identity fraud prevention.

Prevention systems

3.29
The main system used in the Department is the Application Management System (AMS). The AMS has been used by the Department since 1997 to collect client and application information on people entering and leaving New Zealand and applying for visas and permits.

3.30
Staff can search for client identification information in the AMS by name, date of birth, travel document, client number, and other details. Warnings on clients or travel documents can also be placed in the AMS to alert staff to any issues that may need to be addressed in relation to the processing of applications.

3.31
The Immigration Knowledge Management Tool is provided on the Department’s intranet. This tool is used throughout the Department, and provides information for processing applications, including links to information such as lists of accredited employers, New Zealand Standard Classifications of Occupations, and recognised qualifications.

3.32
Also, Border Security staff have access to external systems to search the details of incoming air passengers to New Zealand before they board a flight to New Zealand, or before they arrive.

3.33
The client risk methodology (see paragraph 3.11) is also available on the Department’s intranet for staff to use. It provides information to support decisionmaking, including information on client risk and value on a country-specific basis, and a toolkit to help staff to verify information submitted with applications.

3.34
The client risk methodology was introduced as a pilot scheme in selected Immigration New Zealand branch offices in New Zealand and overseas in 2006. It was intended that it would be fully implemented in all Immigration New Zealand offices by May 2007.

Prevention processes and procedures

3.35
The New Zealand Immigration Service Manual is available for all visa and immigration officers. The manual contains general policy, procedures, and legal provisions governing Workforce Group operations.

3.36
The manual includes procedures for risk profiling (called “the green pages”) which provide guidance for staff in relation to verification, including specific guidance on identity verification.

3.37
A best practice manual is being prepared for refugee quota immigration officers on the selection process for UN-quota refugees. The Department has indicated that this best practice manual will include specific guidance on the prevention and detection of fraud in relation to UN-quota refugees. The manual is due to be completed in June 2007.

Relationships with external stakeholders

Our findings

3.38
The Department has strategic relationships in place with relevant external agencies with responsibilities for preventing identity fraud.

3.39
The Workforce Group has a number of memoranda of understanding in relation to information sharing, joint working, and support services with external agencies both in New Zealand and overseas (such as the New Zealand Police, the New Zealand Customs Service, the Department of Internal Affairs, and the Board of Airlines Representatives New Zealand).

3.40
The Workforce Business Group is involved in a number of external forums and working groups both in New Zealand and overseas, including the Officials Committee for Domestic and External Co-ordination, the Combined Law Agency Group, and various international forums in relation to immigration. Stakeholders consulted as part of our audit indicated that the Department has been an active participant in government security and identity management forums and initiatives.

3.41
The Border Security Group commissioned reviews of its stakeholder relationships and international engagement. The reviews examined existing relationships and engagements and made recommendations for improvement, which are being considered in the context of work on the development of the Immigration Business Transformation and the Border Security Group’s offshore capability.

3.42
There is a National Refugee Resettlement Forum on the refugee resettlement process, which is held twice a year. The UNHCR is represented at this forum and gives feedback on services provided by the Refugee Division. The UNHCR has indicated that it has a good and effective working relationship with the Department, and that it considers New Zealand to be a model resettlement country.

Evaluation of prevention activities

Our findings

3.43
The Department has not evaluated the effectiveness of its activities to prevent identity fraud within the skilled migrant and UN-quota refugee categories, because there are no formal systems to accurately collect, assess, and report on such information.

3.44
In preparing the client risk methodology, the Department recognised that:

  • information is mostly collected and maintained at an individual Immigration New Zealand branch office level;
  • analysis is performed individually within branches on an informal basis, and information stored in independent spreadsheets or databases for individual branch use, which makes broader analysis ineffective; and
  • there are inconsistencies in the way in which areas within the Workforce Group store and share information, and staff do not always receive information in an appropriate format or in a timely manner.

3.45
The Department also said that there has not been sufficient progress with the development of evaluation methodologies, and that evaluation is constrained by the absence of historical data to assess the effect and likelihood of identity fraud.

3.46
The Department has said it is planning to do further work on the evaluation component of the client risk methodology, as part of its client profiling and verification project in the Immigration Business Transformation.

3.47
Regular, formal evaluation would enable the Department to measure the effectiveness of its prevention activities and provide information and intelligence to identify risks and inform detection and investigation priorities throughout the Department.

Recommendation 2
We recommend that the Department of Labour regularly and formally evaluate its prevention activities, and gather and assess relevant information and intelligence from its identification and assessment of risk, identity management initiatives, and prevention systems.

1: The Department refers to visa and permit applicants as its “clients”.

2: Client risk and value is the risk posed by accepting a migrant (such as the migrant coming from a country that is classed as high risk) balanced with the value that the migrant brings (such as skills).

3: Authentication is ensuring that documents are genuine and verification is ensuring that identity information on documents is correct.

page top