Canada's border guards shared passwords and allowed hundreds of thousands of people into Canada without fully vetting them, breaking the rules, Canada's auditor general Michael Ferguson has found.
The startling findings were part of an audit of the Canada Border Services Agency released Tuesday by Ferguson's office, which focused on whether immigration and border services had a handle on procedures to ensure staff aren't corrupted.
Border security has been under increased scrutiny since United States President Donald Trump's administration moved to heighten restrictions on immigration. An influx of asylum-seekers crossed from the United States into Canada during the first few months of the year, shortly after Trump's election.
Border agency supervisors were not spending enough time trying to root out corruption at land border crossings, Ferguson found. People whose profiles raised flags, for example, were allowed to enter Canada without secondary inspections, while in other cases, people could enter the country without necessary paperwork.
Overall, Ferguson found that the border agency knew corrupt border guards could share passwords or allow unauthorized foreigners from entering and leaving the country, and had put in place controls to try and stop that from happening.
But neither the agency nor the department that shares responsibilities for facilitating travel and the entry of goods into the country, Immigration, Refugees and Citizenship Canada —"adequately monitored the controls to ensure they were working as intended," according to Ferguson's report.
"Canada Border Services Agency wasn't using the information that it had available to identify that there were cars...300,000 cars, in fact, that came across the border into Canada for which they have no record of who was in those vehicles," said Ferguson.
"They weren't using information available to them to identify that their border officers were sharing log-in information," he said.
"That means that they don't have an appropriate record of who was processing which people coming into the country. They need to do a much better job on that."
Ferguson also said both organizations need to ensure they were training all employees properly enough to make sure they were aware of corruption risks.
In another release, Ferguson said the RCMP was failing to provide mental health support for its members in need.
In a response to the report, the department said it had already created an internal professional conduct standard that will be "fully operational" beginning in 2017–18. It said "mechanisms are in place" to capture information on potentially corrupt guards.
For its part, the border agency agreed with Ferguson's recommendation to create a monitoring strategy, and said it will integrate the report's findings into its internal management tools. It also committed to adding new elements to its assessment program of border entry ports by July of this year.
Public Safety Minister Ralph Goodale welcomed the auditor general's work, in a statement issued Tuesday afternoon. "I am pleased that no evidence of corruption was found during the audit," said Goodale.
He said the border agency would continue to "enhance the monitoring of its risk controls for corruption to ensure they are working as expected."
As for mental health at the RCMP, he said he was committed to making sure the RCMP is a "healthy workplace." The RCMP has already moved to address some of Ferguson's recommendations, he said, such as launching a new program for disability management and accommodation.
Over half a million cases of anomalies
The auditor general's office looked at vehicle entry data at Canada's land border between April 1, 2015 and March 14, 2016, and another period between June 13 and July 4, 2016.
Out of roughly 19 million vehicles scanned by a licence plate reader, the auditor general found 511,000 cases of anomalies, which it then examined further using a representative sample.
Border guards "did not scan or manually enter information from documents for these travellers as required" in a portion of that sample, said Ferguson's report. The result is that roughly 300,000 vehicles did not get all the vetting they're supposed to get.
"Since each vehicle could contain more than one individual, this meant that more than 300,000 individuals likely entered the country without a full inspection," the report stated.
"We do not know why border services officers did not follow all the required procedures."
Ferguson's report is careful to note that the fact that officers didn't record the information in these cases "did not mean that a corrupt activity occurred." It was, however, an example of guards not following all proper controls that had been put in place to mitigate corruption, the report said.
The number of vehicles that were an anomaly were two per cent of the roughly 19 million vehicles that passed through the border during the time period examined.
Using data from the same 2015-16 time period, Ferguson's office also found instances where border guards appeared to be logged in at one booth, "and within 20 seconds" had logged in at another booth, suggesting that user IDs were being shared.
The auditor general's office also looked at data for eight border guards accounting for 15 per cent of potential password-sharing. Seven of those guards were sharing passwords. Overall, 744 officers examined "each had at least one similar instance of sharing user identification," the report stated.
Both the incomplete vetting of travellers and the sharing of passwords is "against agency policy," it added.
Through an April 2016 survey with border agency superintendents, Ferguson's office also looked at policies around notices alerting guards to secondary inspections, and temporary resident permits.
They said 71 per cent had recorded that they spent less than a quarter of their shifts overseeing border guards—most of their time was spent pushing paper and email.
As well, after looking at 9,082 secondary inspections over the examined time period, they found border guards missed 56 alerts for secondary inspections and supervisors "either did not follow up as required or the follow-up was not complete."
Border guards and government employees are guilty of an offense under the Immigration and Refugee Protection Act if they knowingly make or issue "any false document or statement," accept or agree to accept a "bribe or other benefit," or knowingly fail to "perform their duties."
Editor's note: This story was updated at 11:15 a.m. on May 17 to correct that Immigration, Refugees and Citizenship Canada shares some responsibilities for facilitating travel and the entry of goods and people into the country with the Canada Border Service Agency. The CBSA does not fall under the IRCC Department.