Using Social Media in Investigations

Using Social Media in Investigations

Just about everyone has some form of social media these days. At the end of Q4 2021, Facebook reported 1.9 billion active daily users, and 2.9 billion active monthly users. Add to that Instagram’s 500 million active daily users and Snapchat’s 319 million active daily users, and you have a valuable pool of information and evidence for private investigators. 

There are broadly two types of information that can captured from social media, which are:

Incriminating content that subjects inadvertently upload themselves

People often post so much of their lives on social media that they may accidentally share something that incriminates them or contradicts their legal claim. 

For example, a woman made an insurance claim stating that she had suffered serious injuries due to a motor vehicle accident. However, her insurance company found posts on the woman’s social media accounts of her snowboarding and scuba diving during the time she was supposed to be injured. The insurance company was then able to prove that her claim was fraudulent.

Incriminating content uploaded by third parties

Social media can still be a useful tool in investigating those who are not very active on these platforms or have a private profile. In the case of major car accidents, it is possible that a bystander will capture footage of the crash and upload it onto Facebook, Twitter or Youtube.

In 2015, a man in the US claimed that he had crashed his $60,000 Corvette whilst driving on the Interstate. It was later discovered by investigators from Youtube footage that he had actually crashed the sportscar into a barrier during a drag-race. 


Tips for Using Social Media in Investigations

Consider all platforms

There are so many different platforms out there when it comes to social media. Some of the more common ones include:


As the most popular social media site, Facebook provides investigators access to an extensive range of information. Investigators can view years of posts and photos to see:

  • Photos the user has posted
  • What cities they have travelled to 
  • What cities they have lived in
  • What events they have attended
  • What pages they like
  • What content they post on their page
  • Who they interact with on their profile most frequently
  • Who they are friends with

In 2012, a Burger King employee was fired after posting a picture of himself on Facebook standing in lettuce containers. Internet sleuths were able to determine the location of the photo using GPS data in the image, who then forwarded it to news outlets in the area. 


This platform is very public and is more impersonal than Facebook. Users usually follow celebrities as well as their friends, and post tweets that are unflattering or things they wouldn’t want their Facebook friends to see (such as family members and professional connections). Investigators will be able to see someone’s interests, hobbies, and connections.


This platform emphasises sharing high quality, edited photos with a user’s followers. The types of information that investigators can find through a person’s Instagram includes where they have been (via geographical tagging), what they are interested in, and who they spend time with.

Other Platforms

Although the platforms mentioned above are the most common social media platforms that people use, there are many others out there. In fact, there are around 200 widely used social media sites at the moment, and limiting your investigation to only the top 2 or 3 could mean you are missing out on a lot of valuable evidence.

In 2019, a claim of serious physical injury was proven false when posts were discovered – on the fitness-oriented social media platform Strava – of runs and bike rides during the time the claimant was supposed to be injured 


Obtain Evidence Legally and Ethically

As alluded to above, a person with a private profile will make it difficult for an investigator to find information on them through their social media. As a result, investigators may be tempted to engage in pretexting.

Pretexting occurs when someone tries to convince their victim to give up valuable information by using a story to fool the victim. The investigator may pretend to be an acquaintance or friend to get inside the person’s network and access information not available to the public.

However, this practice does raise legal and ethical questions. There are some states in the US that have found that “the admissibility of evidence is not affected by the means through which it is obtained,” meaning that pretexting has been deemed admissible in these states. In California though, it is illegal to “knowingly and without consent credibly impersonate another actual person through or on an Internet Website.” 

To be on the safe side, it is best that your investigation only focuses on publicly available information to avoid doing the wrong thing.


Preserve all Evidence

Given the ever-changing nature of social media, posts available one day may be deleted or made private the next day. Investigators need to ensure that they properly capture and preserve all evidence they find.

This is particularly important during workplace harassment or bullying investigations. Employees who are subject to cyber bullying may bring messages or posts to their employer’s attention. If proper steps aren’t taken to preserve this evidence, these messages and posts may be deleted by the other party and it will be a case of he said she said. 

Screencasts can be used to digital record a computer screen and capture words, images and the interactivity between pages. A webcast narration can also be used by the investigator to record themselves talking about what they are seeing. 

Facebook has a feature which allows users to download a copy of their entire history. This is particularly useful when investigating matters months or years in the past. While some subjects may willingly hand over their Facebook histories, investigators may need to compel the subject to hand over the information in some situations. 


Act Quickly

For similar reasons as above, investigators need to act quickly when gathering evidence from their subject’s social media. Once someone becomes aware that they are being investigated, it is likely that they will start deleting incriminating evidence from their social media accounts, or even delete their accounts completely. Hence, investigators should immediately capture any piece of relevant evidence that appears on their subject’s social media accounts. 



Investigators need to ensure that all evidence they collect from social media is authentic. Doing so can be as easy as asking the subject if they, in fact, made the post. However, investigators should also be wary that judges have, in the past, ruled evidence from Facebook inadmissible due to an attorney’s suggestion that their client’s account had been hacked.

Other methods of authentication include recording the IP addresses responsible for social media posts to verify who actually posted it. Investigators could also look into internet browsing history and witness testimonies to authenticate evidence. Finally, emailing posts to others or yourself can validate the time at which it was posted as well as act as a way of preserving the post.


How Polonious Can Help

Polonious has integrations with numerous OSINT sources, including Social Discovery, which focuses on social media.

Social Discovery will allow you to access comprehensive social media analytics. With one click you can generate reports that load back onto the case automatically. These reports are easy-to-consume, accurate, and can be customised to your investigation needs. You will need a Social Discovery account, paid separately from Polonious, to access this service. 

To learn more about other integrations that Polonious currently offers or is working on, check out this link.


Social media is quickly becoming one of the most effective sources of information for investigations. However, there are a number of considerations that companies should keep in mind when conducting investigations using social media, which include using all available platforms, obtaining evidence legally and ethically, acting quickly, and preserving and authenticating all evidence. Doing so will ensure that investigations run as smoothly as possible. 




social media

Investigators should avoid using pretexting to obtain evidence.


Facebook has a feature which allows users to download a copy of their entire history.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Polonious divests USA business

Polonious divests USA business

Polonious pty Ltd has today announced it has sold its USA case management business to Dutch Insuretech FRISS.  The deal will also see the support of Polonious’ Australian and NZ insurance customers transfer to FRISS.

 Polonious’ banking and finance, private investigator, education or government clients in Australia and Europe  will continue to be serviced and supported by Polonious.

 Polonious and FRISS have been in discussions for a number of months and last week agreed terms for the sale of both Polonious USA and the insurance customers of Polonious’ Australian and NZ business.

According to Stuart Guthrie and Alastair Steel, co-founders of Polonious, the deal is an exciting opportunity for Polonious.

 “We are very proud of the unique fully configurable case management software we have developed. It has helped many customers save on labour and fraud costs, reduce their need for IT investment and protect their brands.  This deal will enable our software to benefit many more customers around the world.

 “The deal also provides us with a significant capital injection and we are excited about the potential this gives us to  enhance our product, develop new releases, explore new opportunities and potentially expand further into and beyond the banking and finance, investigator, government and education sectors.

 “Our software has already helped many companies in a variety of sectors process investigations faster and more efficiently by combining advanced technology with full reporting capabilities and configurable user interfaces.

 “We are excited to continue this journey and keep helping businesses protect their brands by processing claims faster and more efficiently,” they said.

 The deal is expected to close in coming weeks and transition arrangements have been developed to ensure smooth transfer of operations for customers that will move over to FRISS.

 About Polonious

 Polonious is a leading provider of specialist case management systems for businesses in a wide range of industry sectors – including banking, finance, education, government and private investigators. With a unique approach to fully configurable software they have helped the businesses they support increase case through put by 38% and reduce administration costs by almost 25%. They have a full sales and support team based in Sydney Australia and will continue to service Australian and New Zealand clients from here and via their partners in the UK.

 About FRISS

 FRISS is a Dutch based Insuretech business that offers fraud, risk and compliance solutions to insurers worldwide.   They offer insurers an AI powered fraud analytics platform – an end to end service, which is now enhanced by the inclusion of the Polonious software which broadens their SIU capabilities and further optimises workflows.

 For further information please contact:

Alastair Steel, Co-founder Polonious on : 0414 656 700

Stuart Guthrie, Co-founder Polonious on: 0403 470 123

Writing an Internal Privacy Policy

Writing an Internal Privacy Policy

What is an Internal Privacy Policy?

According to the Office of the Australian Information Commissioner, a privacy policy is a statement that explains in simple language how an organisation or agency handles personal information. All organisations and agencies as defined by the Privacy Act 1988 are required to have a privacy policy.

You may have heard of a similar term known as a privacy statement. While a privacy statement is used for external purposes such as informing customers or suppliers, privacy policies are intended for internal use, formulating policies and informing employees. 

The areas that privacy policies usually cover include:

  • Employee records: Personal information, medical history, etc.
  • Email and internet usage guidelines
  • Handling customer information
  • Internal systems: Permission, responsibilities, access to files, etc.
  • Mobile devices: company phones, laptops, etc.
  • Established laws and regulations
  • Consequences for policy violation
  • Reporting a security breach

Why is it Needed?

Companies often need to collect and house personal information about their employees and customers, as well as confidential information about the company itself. If a rival firm were able to access this information, it could mean that your company would lose its competitive advantage, as well as breach customer trust for having their information leaked. There would also be serious consequences if an employee were able to look at another employee’s files. 

To mitigate against these threats to your company, an internal privacy policy is required so that all employees know what policies are in place regarding personal information. All employees will be on the same page on what they can and cannot do, the penalties for breaching policies, and what to do if they spot a breach themselves. 


How to Write an Internal Privacy Policy

General Tips

The following tips should be integrated throughout your private policy:

  • Use the active tense (you, we, I) and simple language. 
  • Avoid using legal jargon, acronyms, and in-house terms
  • Use short sentences and break up large blocks of text into paragraphs or dot points
  • Use headings to help readers easily locate information relevant to them
  • Only include relevant information by focusing on what is likely to be important to the reader. This will help avoid unnecessary length.

Be Specific

Your privacy policy should not leave any room for employees to speculate or assume. You should delve into specific details so that your employees know what to do in every situation. This may mean using real-world examples of situations that may occur in the workplace. Some specific questions that your privacy policy should answer include:

  • What strict password and virus protection procedures are in place?
  • How often should employees change their passwords?
  • Is encryption used to protect sensitive information?
  • How often are system-penetration tests conducted to verify if your systems are hacker proof?
  • What regular training programs are in place that allow employees to keep up-to-date on technical and legal issues?
  • What is the response plan in the event of a security breach?
  • What are the procedures that prevent former employees from accessing computers and paper files?
  • Are sensitive files separated in secure areas/computer systems and available only to specific individuals?

Another way of being more specific is including a list of definitions for terms that may need more clarification. As an example, the meaning of ‘personal data’ is often misunderstood, as some employees think that if information can be found in the public domain, it isn’t personal data. Personal data is any information that relates to an identified or identifiable individual, and can be as simple as name, number, IP address, or cookie identifier. The definition of personal data should be set out in a business context so that employees have a clear understanding of how to handle this information. 

Determine what Structure to Use

Due to the breadth of information that needs to be included in a privacy policy, it is vital that you have a clear structure. Information should be arranged in a way which makes sense in terms of your company’s functions, activities and audience. For example, you could separate the different groups from which you collect information from and have different privacy policies for, such as customers, employees, and businesses.

You should also ensure that the privacy policy is contained within a singular document. This will avoid the fragmentation of information and allow employees to easily find out where the policy is. 

Outline How to Report Security Breaches

One topic which is often neglected in privacy policies is what employees should do in the event of a security breach. Whether an email has been accidentally sent to the wrong recipient, or an employee has overheard another employee selling sensitive company information, all incidents involving security breaches need to be reported. 

Your privacy policy should include phone numbers, email addresses and other contact details so that employees can report any security breaches they observe. Besides the privacy policy, you should end all emails containing sensitive information with instructions to contact your company and delete the email if it was sent in error. 

Test Your Privacy Policy

An essential step in formulating your privacy policy is testing it on your target audience. If possible, a sample of employees from different departments and levels should be chosen to review the policy. 

The readers will be able to provide feedback, pointing out areas which will likely cause confusion within the target audience and which need more clarification. They can also provide a unique perspective and offer improvements that can be made to the privacy policy that you may have missed.

Regularly Update Your Privacy Policy

Finally, your privacy policy should be regularly reviewed and updated to reflect changes in the law, your business, or your protocols. You should also let your employees know that these changes have occurred in a timely manner. A number of methods are available for this, which include brief introduction videos by executives, presentations during department meetings, and as follow-up communications. 


Internal privacy policies are important tools for employees to raise their awareness on how to handle personal information. Some important points that companies should consider when drafting this document include being specific, having a clear structure, outlining how employees should report security breaches, testing the privacy policy, and regularly reviewing it. Given the detrimental impacts a breach in information security can have on the company’s functioning and reputation, companies should treat privacy incredibly seriously and ensure all employees are aware of their policies. 


System penetration tests can verify if your systems are hacker proof

Private Policy used for Security Breach

Private policies should outline what employees should do in the event of a security breach

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

6 Benefits of Workplace Risk Assessments

6 Benefits of Workplace Risk Assessments

Businesses are expected to create a safe working environment for their employees. Key to this are workplace risk assessments, which are used to identify potential risks and then implement procedures to minimise those risks. 

But what exactly are workplace risk assessments? Workplace risk assessments are a systematic process of evaluating the potential risks that may be associated with an activity. There are three key questions that need to be asked when conducting a risk assessment:

  • What hazards exist that may cause harm?
  • How severe would the harm be?
  • How likely is the harm to occur?

This blog will explore the benefits of carrying out these assessments to your business. 

1. Identify and Improve Workplace Safety Weaknesses

One of the main benefits of conducting a risk assessment is being able to evaluate the effectiveness of a company’s workplace safety system. This will help identify the current system’s vulnerabilities, inefficiencies and non-compliance. 

Your company will have a clear understanding of what improvements need to be made to the current safety system. This will make it easy to determine what steps need to be taken in the future to remove the weaknesses identified and strengthen the safety system with new policies. 

In this way, risk assessments can prevent injuries and even save lives in high risk workplaces. As long as employees and managers are familiar with these new policies, the risk of injury or fatality from hazards like fire or asbestos can be significantly reduced. 

2. Cost-Saving

Businesses that invest in effective workplace risk assessments will make significant savings in internal and legal costs. By investigating potential risks and implementing policies to mitigate against them, less injuries will occur. This will in turn reduce the number of employees taking time off work, saving on costs of sick-pay, training other staff, or hiring new staff. 

It will also prevent fines, lawsuits and penalties from non-compliance with occupational health and safety laws.

The risk assessment will be useful in calculating the costs and long-term financial benefits of implementing safety system changes. This will help justify any spending made to improve workplace safety. Your company will be able to budget appropriately for these expenses and allocate the resources necessary for the solution. The information contained within the risk assessment can ensure that your company doesn’t overspend on a problem that does not need an expensive solution.

3. Positive Image

Showing a commitment to creating safe workplaces will lead to a boost in the public perception of your company. Customers are more willing to do business with a company that holds itself to a high standard. Not only that, other companies will want to be associated with a company that has strong values. 

A workplace risk assessment can avoid workplace incidents that cause negative publicity and a distorted brand image. One of the largest companies in the world, Apple, has come under fire many times for the treatment of its overseas workers. Apple outsources the manufacture of its products overseas. However the company has done very little to ensure that these workers are properly treated and not underpaid, despite the billions of dollars that Apple has.

When Apple found out that some of the factories in their supply chain had high suicide rates, guess what they did? If you guessed investigating the factories and changing the workplace conditions then you would be wrong. Apple told the managers to put nets outside the windows to catch people jumping off and send them back to working. By ignoring the safety of their workers and promoting an unsafe working environment, Apple has suffered from a damaged reputation, losing sales from ethical consumers. 

By conducting risk assessments, your company will avoid creating unsafe workplaces and damaging your brand image. 

4. Maximise Productivity

By ensuring that your workplace has proper tools and has effective procedures in place, employee productivity will increase. Employees that have to deal with defective tools will waste time trying to fix them or their overall work will be inefficient, wasting company resources. 

These risk assessments also demonstrate to your employees that workplace safety is a key concern for the company. This will motivate them to work more productively since they know that their needs are being met. Employees will also take less days off due to illness or stress, and more likely want to continue working for your company, reducing staff turnover.

5. Train Employees

A risk assessment will increase your employees’ awareness of workplace measures and risks. This more educated workforce will use their knowledge to work more efficiently and create a safer work environment. For example, employees will more likely be able to identify dangerous situations and deal with them successfully following a risk assessment. 

Additionally, these assessments are an effective method of starting conversations with your employees about their safety in the workplace. Employees are the most knowledgeable on what risks they face in their everyday work. Engaging with them will create a highly detailed risk assessment that will help ease decision making and make sure everyone is on the same page.  

6. Document Due Diligence

Finally, risk assessments can act as evidence of your company’s efforts to enforce proper safety measures. They can act as evidence to government regulators, insurance companies, and business partners that you are committed to improving the safety of your workplace and complying with safety regulations. 

This is particularly important if an incident does occur and an external body is investigating who is at fault. The risk assessment will demonstrate that your company has taken the right steps to protect your employees from harm. 


How Polonious can help

Polonious is ISO27001 and ISO9001 compliant, and we use our own software to assess and manage any risks as part of the accreditation process. We have developed a streamlined risk management process which will:

  • Keep track of which assets (equipment etc) are linked to which risks. When your software identifies any potential risks, you will gain a deeper understanding of the possible consequences.
  • Require action items on risks assessed as high or above, and automatically generate action item issues for follow up.
  • Streamline your reporting processes. Polonious’ simple report generation functions will allow you to access a wealth of information from an easy-to-understand report.
  • Saving you time. By automating administrative tasks, Polonious helps free up your time to focus on improving your workflows and asset management system.
  • Identify gaps in your policies. Polonious’ management project tools will allow you to spot weaknesses in your system, allowing you to continuously improve your policies.

Our software allows you to fill out risk assessments online, with built in calculations for risk ratings and colour coding to flag high risks. You can add action plans to your treatment plan to automatically create follow up cases with their own workflow. This is all managed in a central hierarchy so you can cross-reference risks and their treatments.

    Click this link to learn more and get in touch today to see how our risk management software can help your company!

    Workplace Injury

    Risk assessments will reduce costs of sick pay, compensation, and fines

    Apple Factory Workers

    Apple’s outsourced workers are subject to deplorable working conditions.

    Workplace Safety Training

    Employees will be more knowledgeable on workplace risks and how to deal with them following a risk assessment

    Book a Demo Now

    Learn more about how Polonious can help you with your risk assessment system

    8 Types of Workplace Harassment and 6 Ways to Prevent Them

    8 Types of Workplace Harassment and 6 Ways to Prevent Them

    There are many types of harassment in the workplace. Harassment may consist of unwelcome or offensive behaviour that contributes to a hostile work environment. These can come from a co-worker, supervisor, boss, vendor or client that can cause an employee to feel uncomfortable or threatened.

    There are so many types of workplace harassment and so many interpretations that even the most diligent HR professional could miss the signs. With a more thorough understanding of workplace harassment, you will be able to detect, prevent and protect against such threats.

    This blog will help you identify 8 Types of Workplace Harassment and 6 Ways to Prevent Them. 

    The content of this blog will be structured in the following order:

    1. Defining Workplace Harassment
    2. 8 Types of Workplace Harassment
    3. 6 Ways to Workplaces can Prevent Harassment

    Defining Workplace Harassment

    United States

    According to the U.S. Government, offensive conduct may include, but is not limited to, offensive jokes, slurs, epithets or name calling, physical assaults or threats, intimidation, ridicule or mockery, insults or put-downs, offensive objects or pictures, and interference with work performance. Harassment can occur in a variety of circumstances, including, but not limited to, the following:

    • The harasser can be the victim’s supervisor, a supervisor in another area, an agent of the employer, a co-worker, or a non-employee.
    • The victim does not have to be the person harassed, but can be anyone affected by the offensive conduct.
    • Unlawful harassment may occur without economic injury to, or discharge of, the victim.

    In the United States, petty slights, annoyances, and isolated incidents (unless extremely serious) will not rise to the level of illegality. To be unlawful, the conduct must create a work environment that would be intimidating, hostile, or offensive to reasonable people.

    United Kingdom

    In the U.K., harassment is unlawful under the Equality Act 2010. According to the U.K. government, examples of bullying or harassing behaviour include:

    • spreading malicious rumours
    • unfair treatment
    • picking on or regularly undermining someone
    • denying someone’s training or promotion opportunities

    Bullying and harassment can happen:

    • face-to-face
    • by letter
    • by email
    • by phone

    Bullying itself is not against the law, but harassment is. This is when the unwanted behaviour is related to one of the following:

    • age
    • sex
    • disability
    • gender reassignment
    • marriage and civil partnership
    • pregnancy and maternity
    • race
    • religion or belief
    • sexual orientation


    Similarly, in Australia, bullying, sexual harassment and discrimination in the workplace are not appropriate and can be unlawful. 

    Bullying happens at work when:

    • a person or group of people repeatedly behave unreasonably towards another worker or group of workers
    • the behaviour creates a risk to health and safety.

    Examples of bullying include:

      • behaving aggressively towards others
      • teasing or playing practical jokes
      • pressuring someone to behave inappropriately
      • excluding someone from work-related events
      • unreasonable work demands.

    8 Types of Workplace Harassment

    Discriminatory Harassment

    According to the US Government, discriminatory harassment is verbal or physical conduct that demeans or shows hostility, or aversion, toward an individual because of his/her race, color, religion, gender, national origin, age, disability, or because of retaliation for engaging in protected activity and that:

    • Has the purpose or effect of creating an intimidating, hostile, or offensive working environment; or
    • Has the purpose or effect of unreasonably interfering with an individual’s work performance; or
    • Otherwise adversely affects an individual’s employment opportunities.

    Harassing conduct includes, but is not limited to the following:

    • Epithets, slurs, jokes, negative stereotyping or threatening, intimidating or hostile acts that relate to a person’s race, color, religion, gender, national origin, age or disability.
    • Written or graphic material which demeans or shows hostility or aversion toward an individual or group because of race, color, religion, gender, national origin, age or disability and is posted on walls, bulletin boards, e-mail or elsewhere on the FLETC facility.
    • Submission to or rejection of such conduct by an individual is used as the basis for decisions affecting an individual’s employment.

    Some examples of discriminatory harassment include:


    Racial Harassment

    In the United States, Discrimination based on race is prohibited by Title VII of the Civil Rights Act of 1964. Racial discrimination occurs when persons are treated differently than others who are similarly situated because they are members of a specific race (e.g., White, Black, Asian, etc.).Examples of employees who are similarly situated may be those working in the same position and grade, the same component, or under the same line of supervision.

    A victim may experience racial harassment because of their race, skin color, ancestry, origin country or citizenship.

    Even perceived attributes of a certain ethnicity (curly hair, accents, customs, beliefs or clothing) may be the cause. Racial harassment often looks like:

    • Racial slurs
    • Racial insults
    • Racial jokes
    • Degrading comments
    • Disgust
    • Intolerance of differences


    Gender Harassment

    Workplace gender discrimination comes in many different forms, but generally it means that an employee or a job applicant is treated differently or less favorably because of their sex, gender identity, or sexual orientation.  Even though the words “sex” and “gender” have different meanings, laws against discrimination at work often use them interchangeably.

    Examples of treatment that could be gender discrimination include:

    • not being hired, or being given a lower-paying position because of your gender identity or sexual orientation (for example, when an employer refuses to hire women, or only hires women for certain jobs)
    • being held to different or higher standards, or being evaluated more harshly, because of your gender identity, or because you don’t act or present yourself in a way that conforms to traditional ideas of femininity or masculinity. For example, if a worker who identifies as a woman receives a negative performance evaluation that criticizes her for being too “aggressive” (while men who behave the same way are praised for showing “leadership”), or if she wears her hair short and is told she needs to be more “presentable,” she may be experiencing discrimination based on gender stereotypes, which is a form of gender discrimination.
    • being paid less than a person of a different gender or sexual orientation who is similarly or less qualified than you, or who has similar (or fewer) job duties than you
    • being denied a promotion, pay raise, or training opportunity that is given to people of another gender identity or sexual orientation who are equally or less qualified or eligible as you
    • being written up or disciplined for something that other employees of a different gender do all the time but never get punished for
    • being insulted, called derogatory names or slurs because of your gender identity, or hearing hostile remarks about people of a certain gender identity or sexual orientation.
    • being intentionally or repeatedly called by a name or referred to as a different gender that you don’t identify with – such as when a transgender man is called by his dead name, or referred to as “Miss”
    • being subject to unwelcome sexual advances, requests for sexual favors, or other verbal or physical harassment of a sexual nature
    • being rejected for a job, forced out on leave, or given fewer assignments because you’re pregnant


    Religious Harassment

    Religious harassment is often interconnected with racial harassment but narrows in specifically on the victim’s religious beliefs.

    An individual with a religion that differs from the “norm” of the company may face workplace harassment or intolerance in a variety of ways:

    • Intolerance toward religious holidays, traditions, and/or customs
    • Cruel religious jokes
    • Degrading stereotypical comments
    • Pressures to convert religions


    Disability-Based Harassment

    Disability-based harassment is a type of workplace harassment directed towards individuals who either:

    • Suffer from a disability themselves
    • Are acquainted with a disabled person or people
    • Use disability services (sick leave or workers’ comp)

    A person with a disability may experience harassment in the form of:

    • Harmful teasing
    • Patronizing comments
    • Refusal to provide reasonable accommodations

    Personal Harassment

    Personal harassment is a form of workplace harassment that’s not based on one of the protected classes (such as race, gender or religion).

    Personal harassment includes:

    • Inappropriate comments
    • Offensive jokes
    • Personal humiliation
    • Critical remarks
    • Ostracizing behaviors
    • Intimidation tactics
    • Or any other behavior that creates an intimidating and offensive work environment for the victim.


    Physical Harassment

    Physical harassment, also often called workplace violence, refers to a type of workplace harassment that involves physical attacks or threats. In extreme cases, physical harassment may be classified as assault.

    Physical gestures such as playful shoving can blur the line between appropriate or not since it’s the person on the receiving end who decides whether the behavior makes them uncomfortable.

    Common examples of physical harassment include:

    • Direct threats of intent to inflict harm
    • Physical attacks (hitting, shoving, kicking)
    • Threatening behavior (shaking fists angrily)
    • Destroying property to intimidate


    Sexual Harassment

    Sexual harassment is when the perpetrator behaves in a romantic or sexual way towards the victim who is clearly uncomfortable and does not want attention of this nature. There is also something known as Quid Pro Quo sexual harassment where the superior makes a sexual request to the victim and if not taken up, a threat of something negative happening is made, such as losing their job or not getting a promotion.

    Under the Fair Work Act, sexual harassment at work happens when a worker or group of workers:

    • makes an unwelcome sexual advance
    • makes an unwelcome request for sexual favours
    • engages in other unwelcome conduct of a sexual nature in relation to another worker.

    To be sexual harassment, it has to be reasonable to expect that there is a possibility that the worker being sexually harassed would be offended, humiliated or intimidated.

    Some forms of sexual harassment can also be considered bullying if the behaviour is repeated or continuous. But unlike bullying, sexual harassment does not need to be continuous or repeated behaviour, it can be a one-off event. There is also no need to establish a risk to health and safety.


    Psychological Harassment

    Psychological harassment has a negative impact on a person’s psychological well-being. Victims of psychological harassment often feel put down and belittled on a personal level, a professional level or both. The damage to a victim’s psychological well-being often creates a domino effect, impacting their physical health, social life and work life. 

    Psychological harassment in the workplace might look like:

    • Isolating or denying the victim’s presence
    • Belittling or trivializing the victim’s thoughts
    • Discrediting or spreading rumors about the victim
    • Opposing or challenging everything the victim says

    Power Harassment

    Power harassment involves any kind of behavior in which a superior takes advantage of his or her position in the workplace to cause co-workers physical pain or emotional distress. This can be due to superiority by means of relative work position, physical size, or otherwise.

    The most common example is a boss mistreating an employee when he/she is in a bad mood. This can manifest as condescending reactions to employee questions, shifting the blame on employees for their own incompetency, and withholding critical information from an employee that he/she needs to know.

    Other types of power harassment include:

    • Physical attacks including acts of force or violence
    • Psychological attacks including intimidation or verbal abuse
    • Segregation or any kind of ostracism
    • Excessive demands (e.g. assigning work that is impossible to perform or obviously unnecessary)
    • Demeaning demands (e.g. assigning work clearly below the employee’s capability or not assigning work at all)
    • Intrusion upon the individual, including the employee’s personal life


    Cyber bullying is often defined as a form of covert bullying and is carried out through the use of technology; for example, on the internet through emails, blogs and social networking sites, as well as via mobile phones. Some of the physical forms of bullying, such as transmission of rumours or gossip, crossover well into the Cyber-bullying category.

    The problem with the use of online technologies is they are perfect camouflage for employing the hidden nature of covert and cyber bullying practices.  This makes them difficult for the organisation to prevent or stop and perhaps, as a consequence, employees are not informed that they have rights to prevent such online bullying incidents.

    This is particularly concerning, given the potential legal consequences as well as the ongoing social and psychological issues that can result for both employees who have been bullied and those who engage in bullying behaviour. Many employees are unaware as to what constitutes Cyber-bullying. Examples of Cyber-bullying include:

    • Malicious or threatening emails or SMS communications to an individual’s phone or email address;
    • Electronic communications that feature offensive content such as explicit images or jokes/comments about ethnicity, religion or sexual preference;
    • Electronic communications aimed at correcting or providing feedback to an individual that are copied to a group with the effect of publicly shaming or demeaning the individual;
    • Malicious or threatening comments about an individual posted on blogs or social networking sites;
    • Sharing embarrassing, offensive or manipulated images or videos of an individual; and
    • Screensavers for desktop backgrounds featuring offensive content.


    Retaliation occurs when an employer punishes an employee for engaging in legally protected activity. Retaliation can include any negative job action, such as demotion, discipline, firing, salary reduction, or job or shift reassignment. But retaliation can also be more subtle.

    6 Ways Workplaces can Prevent Harassment

    Set the Standard of Workplace Behavior

    A workplace can set and enforce clear standards of behaviour through a code of conduct or a workplace policy that outlines what is and is not appropriate behaviour and what action will be taken to deal with unacceptable behaviour. It can apply to all behaviours that occur in connection with work, even if they occur outside normal working hours. The standards of behaviour should also include a reference to reasonable management action.

    The advantage of this approach is that unreasonable behaviours can be addressed before they escalate into workplace bullying. Implement a workplace bullying policy A policy designed to prevent workplace bullying may be a stand-alone policy or incorporated into a broader code of conduct or work health and safety policy. The policy should be set out in writing, be developed in consultation with workers and should include:

    • a statement that the organisation is committed to preventing workplace bullying as part of providing a safe and healthy work environment
    • the definition of workplace bullying (as described in this guide)
    • the standard of behaviour expected from workers and others in the workplace
    • a statement, where relevant, that the policy extends to communication through email, text messaging and social media • the process for reporting and responding to incidents of unreasonable behaviour
    • the process for managing reports of workplace bullying, including vexatious reports, and • the consequences of not complying with the policy. An example of a workplace bullying policy is at Appendix A. Implementing a policy in a small business may simply involve the business owner advising workers and reminding them when necessary that bullying behaviour is not tolerated in the workplace, what to do if it does occur and what action will be taken. To be effective, the policy should be easily accessible and consistently applied. It should be communicated and promoted through notice boards, the intranet, team meetings and by managers discussing the policy with their staff. 

    Develop productive and respectful workplace relationships

    Good management practices and effective communication are important in creating a workplace environment that discourages workplace bullying. Examples include:

    • promote positive leadership styles by providing training for managers and supervisors
    • mentor and support new and poor performing managers and workers
    • facilitate teamwork, consultation and cooperation
    • ensure that reasonable management actions are clearly defined, articulated and understood by workers and supervisors
    • ensure supervisors act in a timely manner on unreasonable behaviour they see or become aware of

    Where there is a risk of workplace bullying by other people, for example clients, the following control measures may be considered:

    • communicate the expected standard of behaviour through a code of conduct or in contracts and agreements
    • empower workers to refuse or suspend service if other people fail to comply with the expected standard of behaviour
    • provide support to workers who are exposed to unreasonable behaviour
    • implement control measures to eliminate or minimise the risk of workplace violence

    Design safe systems of work

    The following work design control measures may reduce the risk of workplace bullying:

    • clearly define jobs and seek regular feedback from workers about their role and responsibilities
    • provide workers with the resources, information and training they need to carry out their tasks safely and effectively
    • review and monitor workloads and staffing levels to reduce excessive working hours
    • provide access to support mechanisms, such as employee assistance programs, particularly during busy and stressful work periods
    • provide effective communication throughout workplace change, including restructuring or downsizing.

    Implement reporting and response procedures

    Workplace bullying behaviours should not be tolerated and early reporting of these behaviours should be encouraged. If a worker considers they are being bullied they will be more likely to report it if they know there is a transparent reporting process in place and that it will be followed as soon as a report is received. Reporting can be encouraged by:

    • making it clear that victimisation of those who make reports will not be tolerated
    • ensuring consistent, effective and timely responses to reports
    • being transparent about dealing with workplace bullying by regularly providing information on the number of reports made, how they were resolved and what actions were taken. It is important for those who experience or witness workplace bullying to know who they can talk to in the business, that a report will be taken seriously, and that confidentiality will be maintained. Implementing effective response procedures should ensure that reports of workplace bullying are dealt with in a consistent and reasonable way.

      These procedures should be used each time a report of bullying is made. They should also provide flexibility to fit the different circumstances of each report, and be designed to suit the size and structure of the organisation.

      An effective procedure should:

    • be in plain English and if necessary available in other languages
    • outline how issues will be dealt with when a report of workplace bullying is made or received including broad principles to ensure the process is objective, fair and transparent.
    • clearly state the roles of individuals such as managers and supervisors, and • identify external avenues available to workers where reports of workplace bullying have been unable to be resolved internally. A procedure must be developed in consultation with workers and health and safety representatives (if any).

    Provide training and information

    Training is a significant factor in preventing and managing workplace bullying, particularly to enable early intervention in workplace conflict before it potentially escalates into bullying. Workers including managers and supervisors should be aware of their roles in relation to preventing and responding to workplace bullying and have the appropriate skills to take action where necessary. Training Induction training for workers should include information on:

    • the standards of behaviour expected in the workplace including the use of social media if relevant
    • how workplace bullying should be reported and how such reports are managed
    • where to go internally and externally for more information and assistance.

    Training for workers can be provided in various ways including through online courses, podcasts and face-to-face training.

    A training program should cover:

    • awareness of the impact certain behaviours can have on others
    • the work health and safety duties and responsibilities relating to workplace bullying
    • measures used to prevent workplace bullying from occurring
    • how individuals can respond to workplace bullying
    • how to report workplace bullying
    • how workplace bullying reports will be responded to including timeframes. 

    Managers and supervisors need the skills to be able to identify psychological hazards and put the right control measures in place. They should be trained in how to prevent and respond to workplace bullying, and in skills that will help develop productive and respectful workplace relationships, for example training that covers:

    • communicating effectively and engaging workers in decision-making
    • managing difficult conversations and providing constructive feedback both formally and informally
    • conflict management
    • effectively managing workloads and performance
    • diversity and tolerance. 

    Training should be tailored to meet the needs of workers and suit the nature of the workplace and the workforce, for example levels of literacy. Providing workers with information Information about workplace bullying can be given to workers in a number of ways including:

    talking directly with workers by holding team meetings, tool box talks or speaking one-on-one with them at the beginning of the work day

    • handing out company newsletters or pamphlets(including information sheets in payslips, displaying posters around the workplace, through email messages or intranet announcements)

    Implement Issue Specific Prevention Measures

    Each form of workplace harassment requires different prevention measures. Therefore, it is important to educate yourself on different forms of harassment. 

    Preventing Sexual Harassment

    For instance, workplaces can help prevent sexual harassment by:

    • creating a safe physical and online working environment
    • providing information, instruction, training and support about the importance of preventing and addressing sexual harassment in the workplace
    • addressing unwanted or offensive behaviour early
    • encouraging reporting of sexual harassment and having effective complaints procedures.

    Employees should also be aware that if they believe sexual harassment has happened (or is happening) at the workplace, they can talk to:

    • a supervisor or manager
    • a health and safety representative
    • the human resources department
    • a union
    • a lawyer

    However, many employees may refuse to report due to the sensitive nature of the topic and/or fear of retaliation. As such, employers should set up effective whistleblowing mechanisms. Furthermore, read our comprehensive guide on sexual harassment investigations in the workplace to learn interview tips and key documents specific to sexual harassment.

    Preventing Cyberbullying

    Cyberbullying is also another common form of workplace harassment. Although Cyberbullying shares many similarities with more traditional methods of bullying, it has the potential to be more aggressive and escalate a lot faster. The anonymity, large audience, range of attack methods, lack of face-to-face communication and ability to contact the victim 24 hours a day contribute to the severity of Cyberbullying.

    It is important that employers recognise that addressing Cyber-bullying is essential for creating a safe and productive working environment. In general, the significance of Cyberbullying is underestimated and consequently is not prioritised as an issue requiring attention.

    Many employers don’t take it seriously, especially when the technology being used is poorly understood. Issues that appear to be trivial or based on a personal gripe can have a devastating impact in the workplace. Employers and Employees who recognise this and actively seek to prevent it will be much better placed to avoid the negative consequences of Cyberbullying incidents.

    Bullying and Cyber-bullying can seriously affect morale, cause undue fear and stress, emotional exhaustion and serious health and psychological issues. This can result in lost productivity, increase in staff absence and difficulty retaining staff in an unhealthy work environment. Employees and employers have a Duty of Care towards each other with respect to sensitive personal and political issues, especially when technology like email, instant messaging and social networking is involved.

    The best way to prevent Cyber-bullying is through a combination of policy and education. Given there is no common or uniform legal definition of Cyber-Bullying then the first place to start is to consider that such behavior is a subset of harassment and bullying.


    How Polonious can Help

    Workplace harassment can emerge in many different forms. While clearly communicated policies and standards of behaviour can help ensure people do the right thing, it’s important to ensure there is an accessible complaints/reporting mechanism and fair investigation process when they do. This will not only ensure corrective action is taken, but the visibility of such action will discourage other misconduct as well as make complainants more willing to speak up. While this may seem like a bad thing to some, bringing issues into the light ensures they’re dealt with rather than rotting away at your corporate culture.

    It is important to have a workplace harassment policy, whether as a standalone policy, or as part of a broader HR policy.

    It is important to have a workplace harassment policy, whether as a standalone policy, or as part of a broader HR policy.

    Whistleblower hotlines are a key asset in preventing internal fraud

    Whistleblower hotlines ensure you can deal with problems quickly before they become concerns for regulators.

    Book a Demo Now

    Learn more about how Polonious can help you investigate and prevent workplace harassment and ultimately foster a positive workplace environment.

    Common Indicators of Forced Sexual Servitude

    Common Indicators of Forced Sexual Servitude

    A new financial crime guide released by the Australian Transaction Reports and Analysis Centre (AUSTRAC) is aimed at helping businesses detect and stop forced sexual servitude. 


    Forced sexual servitude is a crime where the victims are made to provide sexual services against their will. This is in contrast to legal sex work as the victims here are under the control of a coordinator. The victims are often under circumstances that they are unable to escape from due to their financial situation, living conditions, or residency status. 

    Forced sexual servitude accounts for about 30 percent of all modern slavery cases in Australia. In 2019-20, the Australian Federal Police identified 40 cases, an increase from 21 cases in 2018-19. 

    This crime has long-lasting physical and psychological damage on the victim. They are often subject to threats, violence, and being denied access to their money and personal documents. They are deprived of their basic human rights, living in poor conditions without access to medical care and other necessities. 

    Being able to spot the signs of sex slavery and act on it can make a life-changing difference. Banks and other financial institutions have a key role to play in identifying the roles and activities of all parties involved. 

    AUSTRAC also requires financial institutions to submit a Suspicious Matter Report (SMR) if they suspect a person is linked to a crime. This forms a part of their Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) obligations. While discussion around Suspicious Matter Reporting focuses on the AML and CTP parts, reporting other organised crime involvement is equally important. Companies should position themselves ethically and work to create a safer community.

    This blog will outline the signs that banks should look out for, and how to report any suspicious behaviour to the relevant authorities. 


    Financial Indicators 

    Financial links exist between all parties involved in this crime. 

    These parties include coordinators, trusted allies, victims, and customers. The coordinator is the main organiser in the forced sexual servitude cycle, using threats, violence, intimidation, detention and withholding personal documents to force the victim to undertake sexual work. Trusted allies assist with the logistics of controlling all the victims, and sometimes source the victims. Victims are the people who are forced into sexual servitude and customers pay for the sexual services.


    Coordinators and Trusted Allies

    The financial indicators of coordinators and trusted allies are:

      • Lack of business-related expenses and transactions
      • Payments to multiple online merchants or classified sites, which can reach $10,000 per month
      • Regular payments to hotels or short-term accommodation providers, totalling $2,000 per month
      • Receiving frequent third-party ATM cash deposits from multiple locations, with amounts in the range of $200 to $800
      • Receiving domestic transfers predominantly from third party males as payment for sexual services. These payments range from $100 and $800, with an average of $250

    The payment patterns indicative of running an illegal sex work business include:

      • Luxury spending habits and gambling activity
      • Purchases that are inconsistent with their customer profile, such as make-up, beauty products and lingerie
      • High volumes of payments to rideshare companies (more than 15 per month) to transport sex workers
      • Regular takeaway orders for large groups of people

    The payment methods commonly used by coordinators include:

      • Cash payments
      • ATM cash deposits
      • Online domestic transfers
      • Online payment platforms 
      • Debit and credit card transactions
      • Face-to-face transactions at a bank branch

    Finally, a common signal of a coordinator or trusted ally is that they engage in other crimes. These people are financially motivated and will take part in illegal activities such as financial scams, identity fraud, welfare fraud, and illicit drug importations.

    It is important to recognise and follow up on signs of modern slavery and sex trafficking, not just to fulfil your obligations to complete an SMR, but because phone numbers, email addresses, bank accounts, and other details you identify may then be fed into your detection tools or raised with your fraud teams to detect potential frauds you would not have noticed otherwise.

    Financial flows of coordinators of forced sexual servitude


    Victims are likely to receive credit transfers from websites, with amounts ranging from $1 to $200. The victim may then transfer this money to a third party who also receives payments from this website.

    The payment patterns and methods typical to a victim of forced sexual servitude include:

      • Making cash deposits into personal and business accounts linked to brothels or sexual services
      • Receiving domestic transfers from the same third party with minimal or no payment references
      • Small domestic transfers to the coordinator 
      • Receiving multiple third party credits or cash deposits and then transferring most of the funds to a singular individual or business (such as a massage parlour or sex on premises business)

    The spending habits often associated with these individuals include frequent and large adult store purchases and continual purchases from clothing, make-up, beauty and lingerie retailers.

    Victims may claim that their occupations are a cleaner, student, beautician, hospitality, social work, home duties or unemployed.

    It is important to note that similar payments are made to legitimate brothels and legal sex workers. A range of indicators should be considered to distinguish forced sexual servitude from legal sex work.

    Financial flows of victims of forced sexual servitude

    Reporting Suspicious Behaviour

    If you observe a combination of the above indicators or other suspicious behaviours, and believe that forced sexual servitude is taking place, you should submit a SMR to AUSTRAC. A SMR should also be submitted if your customer is the victim of the crime. 

    You should submit this report if you have ‘reasonable grounds’ for suspicion. This means that after considering all the information and circumstances available, a reasonable person would have suspicion of forced sexual servitude occurring, and decide that a SMR should be submitted. 

    If anyone in your company spots anything unusual, you must undertake enhanced due diligence to establish whether you have reasonable grounds for suspicion. Further information on enhanced due diligence is available here.

    These reports should be as accurate possible so that there is a better chance of detecting, deterring, and disrupting the forced sexual servitude. They should also be timely, as AUSTRAC requires SMRs to be submitted within 3 business days after completing the enhanced due diligence. 

    You don’t need to know exactly what criminal activity the customer might be involved in to make an SMR. All you need to have is reasonable grounds for suspicion.

    Finally, there are significant financial penalties for submitting an SMR late, or not submitting one at all. 

    For more information about SMRs, visit this website.


    Forced sexual servitude is an abhorrent crime with devastating physical and emotional impacts on its victims. Financial institutions play an important role in identifying and reporting potential cases of this crime, potentially saving innocent lives from further trauma. These companies are required to submit SMRs as part of their AML and CTF obligations. However, financial institutions should strive to put an end to forced sexual servitude in all aspects of their business, and integrate this stance into their code of ethics. 


    Book a Demo Now

    Learn more about how Polonious can help you investigate and respond to fraud.