7.3 Covert operations, surveillance & sources/informants

Key Takeaways

  • Surveillance is planned secret observation; the main types are fixed (stationary), moving (mobile), and heavily regulated electronic surveillance.
  • Surveillance must be planned, documented in a chronological log, and limited to places with no reasonable expectation of privacy.
  • Undercover operations are the most sensitive covert tool, justified only with a clear objective, no less-intrusive alternative, and management plus legal approval.
  • Informants give confidential information with mixed motives; examiners must corroborate, protect their identity, document, and never direct illegal acts.
  • Entrapment is inducing someone not predisposed to commit a crime; merely providing an opportunity is not entrapment, so examiners document existing wrongdoing.
Last updated: July 2026

Covert Operations in Fraud Examinations

Covert techniques gather information without the subject's knowledge. Because they carry real legal and ethical risk, the CFE deploys them sparingly — only with a clearly defined objective, only when less intrusive methods will not work, and always within the law. The three principal covert tools are surveillance, undercover operations, and the use of sources and informants.

Surveillance

Surveillance is the planned, secret observation of people, places, or objects to gather evidence. It answers the who, what, when, and where of an allegation — corroborating or refuting it, identifying associates, and documenting activity. There are three general types:

  • Fixed (stationary) surveillance — observing from a single vantage point, commonly called a "stakeout," such as watching a warehouse suspected of after-hours theft.
  • Moving (mobile) surveillance — following a subject on foot or by vehicle as they move from place to place.
  • Electronic surveillance — using cameras, GPS trackers, or audio devices, which is the most heavily regulated form.

Effective surveillance is planned in advance (routes, relief personnel, communication signals), thoroughly documented in a chronological log recording times and observations, and conducted only where the subject has no reasonable expectation of privacy. Recording or intercepting communications implicates wiretap and consent statutes that vary sharply by jurisdiction — some require all-party consent — so counsel must be consulted before any audio is captured. Investigators also watch for being "burned" (detected) and rotate personnel and vehicles to avoid it.

Legal limits and pretexting

Covert information-gathering must stay lawful. Pretexting — using a fabricated identity or false reason to obtain information — is tightly restricted: obtaining an individual's financial records by pretext violates the U.S. Gramm-Leach-Bliley Act, and impersonating others can itself constitute fraud. Examiners therefore keep every covert technique inside legal bounds and rely on counsel to vet approaches before they are used, because evidence gathered unlawfully can be excluded and can expose the examiner and organization to liability.

Undercover operations

An undercover operation places an operative in a false role to gather information directly from inside a scheme. It is the most resource-intensive and legally sensitive covert technique, justified only when several conditions are met: the information cannot reasonably be obtained by less intrusive means, the potential benefit outweighs the risk, the objective is clearly defined and limited, and both management and legal counsel have approved. Undercover work requires a documented cover story, close supervision, disciplined recordkeeping and corroboration, and a planned exit. It exposes the organization to safety, liability, and entrapment concerns, so the ACFE stresses restraint and formal authorization before any operation begins.

Sources and informants

A source provides information voluntarily and openly — a records custodian or a banker acting within the normal scope of their duties. An informant provides information confidentially, often from within the fraud itself, and frequently has mixed motives such as revenge, money, or leniency. Informants range from ordinary citizens to accomplice-witnesses who took part in the scheme; the latter can supply invaluable inside detail but arrive with obvious credibility problems. Because reliability varies widely, the examiner must:

  • Develop the relationship carefully, honestly evaluating the person's access and motive.
  • Corroborate the information independently before acting on it.
  • Protect the informant's identity — for the person's safety and to preserve future cooperation; careless disclosure can endanger the source and taint the investigation.
  • Document what was provided and how it was verified, while keeping the identity itself secure.

Examiners should avoid making promises they cannot keep, such as guaranteed immunity or payment contingent on the outcome, and must never direct a source to break the law or obtain records illegally on the examiner's behalf — doing so contaminates the evidence and exposes the examiner to civil and even criminal liability. When weighing an informant's account, the examiner considers the person's opportunity to know the facts, any history of reliability, and the motive behind the disclosure, treating uncorroborated accomplice testimony with special caution.

Documenting and using covert results

Covert work produces evidence only if it is properly recorded and lawfully obtained. Surveillance logs, photographs, undercover reports, and informant debriefings must be contemporaneous, factual, and free of speculation, because a defense attorney will probe every gap. Where covert findings point to a crime, the CFE typically coordinates with — or refers the matter to — law enforcement, which can lawfully use tools (search warrants, subpoenas, wiretaps) that a private examiner cannot. Throughout, the examiner preserves confidentiality, protects sources, and keeps counsel informed so the work product withstands scrutiny.

Entrapment

Entrapment occurs when a government agent induces a person to commit a crime they were not otherwise predisposed to commit. Simply providing an opportunity to commit an offense is not entrapment; the legal concern is the inducement of an unwilling person. Courts apply two tests: the subjective test (the majority U.S. approach) asks whether the defendant was predisposed — ready and willing before the agent appeared — while the objective test asks whether the government's conduct would induce an otherwise law-abiding person. Although the entrapment defense technically applies only to government action, private examiners guard against analogous claims because inducement destroys credibility, can create civil liability, and hands the subject a powerful counter-narrative. The safe and proper course is always to observe and document existing wrongdoing, never to instigate a new offense that would not have occurred without the examiner's prompting.

Test Your Knowledge

Investigators observe a warehouse suspected of after-hours theft from a single parked vehicle across the street over several nights. This is an example of:

A
B
C
D
Test Your Knowledge

Which of the following correctly describes entrapment?

A
B
C
D
Test Your Knowledge

A CFE receives a tip from a confidential informant inside the scheme. What is a key obligation before acting on the information?

A
B
C
D