Language selection

Government of Canada / Gouvernement du Canada

Search

Sign in

Sign in

Annual Report on employee misconduct and wrongdoing

(Fiscal year 2024-2025)

On this page

Message from the Commissioner and Deputy Commissioner

In the spirit of transparency and continuous improvement, the Canada Revenue Agency (CRA) is pleased to present its second Annual Report on employee misconduct and wrongdoing, covering the 2024–2025 fiscal year. Building on last year’s foundation, this edition delivers a concise, narrative-driven portrait of how we uphold our values and respond to integrity lapses.

With the dedication of over 55,000 Footnote 1 employees from coast to coast to coast, the CRA remains steadfast in administering tax, benefits, and related programs with integrity, professionalism, respect, and collaboration. Every CRA employee is guided by our Code of Integrity and Professional Conduct, the Directive on Conflict of Interest, and the Values and Ethics Code for the Public Sector.

Over the past year, the CRA rendered 266 Footnote 2 disciplinary measures—from formal reprimands to terminations—each handled through fair and rigorous processes. In addition to reporting misconduct and the associated measures to address and manage cases, we also highlight relevant privacy and security incidents to help identify areas of risk that could be mitigated through stronger controls and prevention. We recognize and appreciate the courage it takes for employees to speak up and report their concerns. This is why the CRA continues to invest in training, awareness campaigns, and guidance to prevent misconduct and wrongdoing before it occurs.

This annual report is a key element of the CRA’s People Strategy and reflects our commitment to the former Clerk of the Privy Council John Hannaford’s renewed focus on values and ethics. By sharing the story behind the numbers—how allegations are managed, decisions are made, and lessons are learned—we reinforce our collective responsibility to foster an environment of accountability, integrity, and respect for all.

We welcome the conversations this report will spark and look forward to building on our progress together.

Bob Hamilton (he/him)
Commissioner

Jean-François Fortin (he/him)
Deputy Commissioner

Introduction

The Canada Revenue Agency (CRA) Annual Report on employee misconduct and wrongdoing reflects our ongoing commitment to accountability, vigilance, and continuous improvement.

This report summarizes all founded misconduct and wrongdoing at the CRA that resulted in disciplinary measures during the 2024–2025 fiscal year. Where relevant, comparative data from 2023–2024 is included to provide context. Disciplinary measures, the nature of findings, grievances, security revocations, and privacy breaches are reported only when they are directly linked to a disciplinary measure and meet statistical relevance thresholds.

As noted in the first Annual Report, CRA employees have access to a variety of mechanisms to report allegations of misconduct. For reference, these mechanisms are outlined in Appendix A and Appendix B. Both anonymous and confidential reporting mechanisms are available internally, and the CRA applies a “no wrong door” policy, ensuring that all allegations are directed to the appropriate channel for review. Key stakeholders work collaboratively to uphold this culture of integrity at the CRA, and their roles and responsibilities are detailed in Appendix C.

The CRA investigates all allegations it receives related to questionable or unethical conduct of CRA employees. Allegations can be made through many channels and from a variety of sources, such as referrals from employees, managers, or members of the public. In accordance with CRA policy instruments, all allegations of misconduct are taken seriously and addressed accordingly. Employees also have access to fair and equitable grievance mechanisms to challenge decisions. Underlying all of these dissuasive mechanisms lies our robust Integrity Framework designed to prevent ethical lapses.

Our Commitment to Privacy

Section 3 of the Privacy Act defines personal information as information about an identifiable individual that is recorded in any form.

It's any information that, alone or in combination with other information, can be used to identify a specific person. The Privacy Act applies to personal information under the CRA's control, such as taxpayer information and certain CRA employee information. It can also apply to information that is publicly available.

To uphold CRA’s privacy responsibilities under the Privacy Act and safeguard the privacy of CRA employees, this report applies de-identification strategies such as thematic aggregation, generalization, suppression of small values (for any data point under 10) and rounding, in accordance with relevant Treasury Board of Canada Secretariat (TBS) guidance. This privacy-first approach allows the CRA to share meaningful insights into misconduct shifts while protecting confidentiality and ensuring ethical reporting.

Methodological Overview

This second edition integrates key lessons learned from the inaugural report. This year’s approach adjusts the scope to focus on disciplinary measures rendered during the 2024–2025 fiscal year. Figures reflect disciplinary outcomes, with additional data on privacy breaches, grievances, and security revocations included only when directly tied to a disciplinary measure rendered in 2024-2025. This refined scope aligns with the Corporate Business Plan and ensures the report remains focused, relevant, and distinct from other internal operational reporting products.

Limitations

Due to variations in data extraction timelines, the information presented in this report may differ from that found in program-specific reports that rely on alternate extraction windows. The Annual Report is intended to identify overarching insights and integrating relevant data points into a cohesive and contextualized narrative. It is not intended to serve as an operational tool, nor does it reflect the status of ongoing or pending investigations, disciplinary actions, or grievance processes.

Workload related to Canada Emergency Response Benefit

The 2024-2025 year was unique in that it marked the end of a large-scale internal investigation into CRA employees who allegedly inappropriately claimed the Canada Emergency Response Benefit (CERB). The CERB provided financial support to Canadians who were directly affected by the COVID-19 pandemic, receiving monthly payments of up to $2,000 for up to seven months. Following internal investigations, certain CRA employees who were found to have fraudulently applied for and received CERB payments were subject to a range of disciplinary measures, up to and including termination of employment.

Given that the situation related to CERB was exceptional and does not represent the normal type or number of initiated investigations on an annual basis, all data related to CERB has been excluded from the 2024-2025 findings in this report so that meaningful comparative information can be reflected in subsequent annual reports on employee misconduct and wrongdoing.

In the 2024-2025 fiscal year, 109 disciplinary measures — of which 78 (72%) were terminations Footnote 3 — were linked to CERB investigations Footnote 4 .

Foundational Concepts

To support the interpretation of the data and insights presented throughout this report, the next section introduces key terms and the framework guiding the CRA’s response to misconduct and wrongdoing.

Distinction should be made between misconduct and wrongdoing, both of which are taken seriously and may lead to disciplinary action.

Misconduct refers to a willful action or omission by an employee that contravenes an act, a regulation, a rule, the Code of Integrity and Professional Conduct, or a CRA policy instrument, and which may result in disciplinary action.

Wrongdoing is defined under section 8 of the Public Servants Disclosure Protection Act and includes breaches that may affect public trust or safety. Specifically, wrongdoing includes:

  1. a contravention of any Act of Parliament or of the legislature of a province, or of any regulations made under any such Act, other than a contravention of section 19 of this Act;
  2. a misuse of public funds or a public asset;
  3. a gross mismanagement in the public sector;
  4. an act or omission that creates a substantial and specific danger to the life, health or safety of persons, or to the environment, other than a danger that is inherent in the performance of the duties or functions of a public servant;
  5. a serious breach of a code of conduct established under section 5 or 6; and
  6. knowingly directing or counselling a person to commit a wrongdoing set out in any of paragraphs (a) to (e).

CRA’s Consequences to Misconduct and Wrongdoing

Misconduct may lead to disciplinary and/or administrative measures, depending on the individual circumstances, nature and severity of the behaviour.

Disciplinary Measures

Discipline is rendered in accordance with the Directive on Discipline which includes the CRA Table of Disciplinary Measures. Acts of misconduct are categorized into groups that have a corresponding range of disciplinary measures. These groups reflect the relative seriousness with which the CRA views the misconduct and help ensure consistency in how discipline is applied across the organization.

The goal of discipline is to deter employees from engaging in misconduct, motivate employees to correct their behaviour when they have committed an act of misconduct, and encourage employees to adhere to the expected standard of conduct. When determining the appropriate disciplinary measure, the CRA considers the individual circumstances of the case; disciplinary measures may range from an oral reprimand up to and including termination of employment.

Investigations that lead to disciplinary measures may be conducted by the Internal Affairs Division, the Workplace Inquiries Centre, or by management in collaboration with Labour Relations.

Employees can grieve a disciplinary measure taken by the CRA in keeping with their terms and conditions of employment or collective agreement. Grievances are addressed in accordance with CRA Procedures for handling grievances.

Administrative Measures

The CRA takes a multi-faceted approach to misconduct, using administrative measures not only to address unacceptable behavior but also to promote corrective action.

Privacy breaches involve the improper or unauthorized access to, creation, collection, use, disclosure, retention, or disposal of personal information. They can result from employee actions that violate CRA policies, such as unauthorized access to, disclosure of, or failure to protect personal information. While some breaches stem from human errors, external threats, or system issues, those caused by negligence or misconduct raise accountability concerns and may trigger administrative responses. The impact of a breach is carefully assessed by the Privacy Breach Management Section in the Access to Information and Privacy (ATIP) Directorate. Privacy breach risk assessments review the sensitivity of the compromised information with the likelihood of misuse, to determine whether the incident poses a risk of harm to affected individuals. If it is determined that there is a potential risk of injury, affected parties may be notified and provided credit protection, if required. In addition, if a privacy breach is deemed material (i.e., could reasonably be expected to create a real risk of significant harm to an individual), the Office of the Privacy Commissioner of Canada (OPC) and the Treasury Board of Canada Secretariat are notified.

Security revocations occur when an individual no longer meets the trust requirements for accessing sensitive information. While the revocation of a security status is an administrative action separate from disciplinary measures, it is often triggered by similar concerns—such as trustworthiness or reliability. In such cases, misconduct can have broader consequences, including the loss of a security status and, potentially, continued employment.

In addition to these measures, other administrative actions may be implemented such as training, coaching, recovery of funds, removal from selection processes, or any other appropriate action. Furthermore, matters may be referred to the relevant compliance or benefit programs, competent law enforcement agencies, or other functional authority, as warranted.

Integrity in Focus: 2024-2025

With the key terms and the CRA’s response framework now clearly defined, the following figure highlights the internal and external initiatives that influenced the CRA’s integrity environment during the previous year.

Figure 01: CRA’s Culture of Integrity

CRA's Culture of Integrity
Image description

This figure is structured in three sections:

  1. 2024–2025 key events and initiatives,
  2. CRA measures at every step of the employee lifecycle, and
  3. CRA core values.

The figure illustrates CRA’s strong foundation of integrity that supports employees throughout their career journey with the core values and lifecycle-based measures that embed ethics into every stage of employment. The sidebars of the pyramid represent the enduring CRA Integrity Framework that supports the culture of integrity at the CRA. At the top, recent initiatives and events from 2024–2025 highlight the CRA’s ongoing commitment to strengthening its integrity culture through education, engagement, and leadership.

  1. 2024–2025 Key Events and Initiatives (top section, dark green house-shaped box):
    • Values and Ethics in Today’s Federal Public Service Symposium
    • Ongoing renewed focus on Values and Ethics from the Clerk of the Privy Council
    • Integrity in Action: Reporting Wrongdoing CRA event
    • CRA review of the Code of Conduct and Directive on Conflict of Interest
    • CRA Values and Ethics Information Sessions
    • CRA’s Values and Ethics Champion Initiatives
  2. CRA Measures at Every Step of the Employee Lifecycle (middle section, green box):
    • Pre-employment:
      • CRA’s Terms and Conditions of Employment on external website and on notices of job opportunities
    • Onboarding:
      • CRA’s Terms and Conditions of Employment in letters of offer
      • Onboarding tools
      • Annual affirmation
    • Employment:
      • Annual affirmation
      • Performance management
      • Character leadership
      • Ongoing and continuous communications
    • Offboarding:
      • Offboarding tools
      • Post-employment reminder process
      • Exit interviews
  3. CRA Core Values (bottom section, light green box):
    • Integrity
    • Professionalism
    • Respect
    • Collaboration

Key insight: The figure emphasizes that integrity at CRA is embedded at every stage of employment, reinforced through events, initiatives, and values,

2024-2025 Key Integrity Metrics

The following figure provides a snapshot of key integrity-related statistics from the 2024–2025 fiscal year, highlighting insights into misconduct and disciplinary outcomes at the CRA. The figures presented below highlight the main metrics from the past year regarding misconduct and wrongdoing cases that resulted in disciplinary measures.

Figure 02: CRA’s Integrity Metrics in brief, 2024-2025 Footnote 5 Footnote 6

Key Integrity statistics
Image description

This infographic features the following brief statistics about misconduct at the CRA in 2024-2025, broken into 8 separate sections:

  • Section 1: There were 370 cases of founded misconducts, and zero cases of founded wrongdoing.
  • Section 2: In terms of investigative authorities, there were 157 investigations conducted by Internal Affairs, and 108 investigations conducted by management.
  • Section 3: There was a total of 266 disciplinary measures rendered.
  • Section 4: The top three disciplinary measures by proportion of cases were 59% suspensions, 24% written reprimands, and 9% disciplinary terminations.
  • Section 5: The most prevalent types of misconduct by proportion were:
    • 16% unauthorized access to one’s own tax information
    • 11% unauthorized access to taxpayer/similar information
    • 10% falsely registering attendance
    • 10% insubordination
  • Section 6: Of 44 privacy breaches, 18 were deemed material and 31 implicated notification of taxpayers
  • Section 7: There were 61 grievances related to misconduct:
    • 64% of terminations were grieved (16 out of the 25)
    • There were zero cases of an External Tribunal or Oversight body issuing a ruling against the CRA
  • Section 8: There were less than 10 security revocations due to misconduct

2024-2025 Misconduct Key Areas of Interest

A closer examination reveals important distinctions in regard to founded misconduct across different categories. The table below highlights the volume as well as the most prevalent type of misconduct within each category. Each misconduct is grouped into a broad category, which then includes more specific types of misconduct.

Table 01 – Key Misconduct Patterns per categories and types, 2024-2025 Footnote 7

Key Misconduct Patterns per categories
Categories Types Included (not limited to) Number of Findings 24-25 Key Takeaway
Failure to protect information Negligence in securing sensitive or taxpayer information, such as allowing unauthorized access to personal, taxpayer, or confidential data - including one’s own tax records. 131 47% of incidents involved employees accessing their own tax information without authorization
Failure to protect CRA’s reputation Contravening the Directive on Conflict of interest, demonstrating conduct that could negatively affect the CRA's reputation, or bringing the CRA or Public Service into disrepute. 111 32% of incidents involved insubordination 
Failure to protect our assets and property Improper or careless use or neglect of CRA or taxpayer facilities or property [including cards, for example, identification cards, individual designated travel card (IDTC)]. 53 34% of incidents involved the unauthorized use of CRA or taxpayer facilities or property
Failure to protect and manage public funds Using a CRA acquisition card for personal transactions, falsely registering attendance or any other action that results in receiving remuneration for time not worked or making false statements under tax laws to gain unauthorized benefits. 42 86% of incidents involved employees falsely reporting attendance
Failure to foster a healthy and respectful workplace Behaviours include dangerous pranks or horseplay, contributing to a poisoned work environment, disregard for health and safety practices, physical violence, unauthorized or unacceptable absenteeism, or reporting to work under the influence. 31 65% of incidents involved behaviour that poisoned the work environment

2024-2025 Overview of Founded Misconduct Footnote 8

This next section provides a deeper examination and more complete picture of all cases of misconduct and their outcomes Footnote 9. Similar types of misconduct have been grouped under each CRA misconduct category previously presented.

To support meaningful analysis while protecting individual privacy, similar findings have been grouped by theme based on shared characteristics and all identifying details have been removed. Only groups containing 10 or more findings are presented for privacy reasons.

Failure to Protect Information

The CRA treats incidents involving the mishandling or unauthorized access of sensitive data with the utmost seriousness. In addition to responding to incidents, the CRA has robust preventive measures in place—including employee training, Enterprise Fraud Management System, and strict access controls in order to reduce the risk of breaches before they occur.

In 2024-2025, there were 131 cases of founded misconduct related to information security Footnote 10. Below are summarized examples of cases that occurred for this category of misconduct:

Table 02: Aggregated Founded Misconduct Pertaining to Failure to protect information, 2024-2025
  • Forwarding CRA-protected information and passwords from CRA to personal email accounts without encryption
  • Leaving workstations and devices unsecured, recording meetings on personal phones, and failing to report known data breaches
  • Accessing or transmitting protected information from unsecured public locations
  • Unauthorized access to own personal or third-party accounts—ranging from one access to over a hundred—including those of spouses, relatives, friends, former roommates, business partners, deceased individuals, and colleagues – occasionally involving confidential information sharing or preferential treatment

Disciplinary and administrative measures rendered included written reprimands, suspensions ranging from 1 to 30 days, rejection on probation and disciplinary termination

Failure to protect CRA’s reputation

Employee conduct, both on and off-duty, plays a critical role in establishing public trust. When standards are breached—through negligence, conflicts of interest, or other unprofessional behavior—the CRA acts to protect its integrity and maintain public confidence.

In 2024-2025, there were 111 cases of founded misconduct that had the potential to negatively impact the CRA’s reputation Footnote 11. These included:

Below are summarized examples of cases that occurred for this category of misconduct:

Table 03: Aggregated Founded misconduct Pertaining to Failure to protect CRA’s reputation, 2024-2025
  • Failing to disclose outside employment or private business, failing to disclose partnerships or property holdings, receiving CRA funds into personal accounts
  • Not reporting criminal associations or financial hardship, using CRA resources or credit cards for personal gain or misusing CRA status in off-duty settings
  • Plagiarizing, approving personal expenses, sharing credentials, and making inappropriate comments while representing CRA
  • Mishandling calls (e.g., excessive hold times, misuse of callback), disclosing sensitive information through unsecure channels and sleeping on duty
  • Missing timesheets, manipulating email and calendar systems, and using other tools to give the impression of being present
  • Insubordination, ignoring formal expectations or failing to follow requirement letters
  • Teleworking from unauthorized or public locations, using personal devices for official work, failing to lock workstations or using internal systems in ways that undermine information security

Disciplinary measures rendered included oral reprimands, written reprimands, suspensions ranging from 1 to 30 days and disciplinary termination.

Failure to protect CRA's assets and property

As the CRA adapts to new ways of working, including remote and digital operations, the responsible use of organizational assets is more critical than ever. Misuse—whether through unauthorized use of equipment abroad, manipulation of system activity, or sharing login credentials—is taken seriously and met with appropriate consequences. The CRA continues to strengthen preventive measures, including employee training, digital monitoring, and clear policy guidance.

In 2024-2025, there were 53 cases of founded misconduct related to employees misusing CRA’s assets and property Footnote 12. These included:

Below are summarized examples of cases that occurred for this category of misconduct:

Table 04: Aggregated Founded misconduct Pertaining to Failure to protect CRA's assets and property, 2024-2025
  • Using CRA assets or property outside of Canada for periods ranging from 1 to 45 days and, in some cases, including roaming or long-distance charges
  • Personal transactions on CRA credit cards
  • Negligent or inappropriate use of CRA assets
  • Manipulating a CRA laptop or using false MS Teams meetings to prevent computer from idling off while not working
  • Sharing CRA credentials with third parties

While some cases did not result in disciplinary action Footnote 13, other disciplinary and administrative measures included oral reprimands, written reprimands, suspensions ranging from 1 to 20 days, rejections on probation, and disciplinary terminations.

Failure to protect and manage public funds

The CRA is entrusted with the Canadian public funds. Misconduct involving the misuse or mismanagement of funds—such as inaccurate attendance reporting, or improper practices to gain financial benefits—undermines public trust and organizational integrity. The CRA addresses such issues through prevention, system controls, employee guidance, and a strong culture.

In 2024-2025, there were 42 cases of founded misconduct related to protecting and managing public funds. Of these, 36 of them involved the falsely registering attendance type.

Below are summarized examples of cases that occurred for this category of misconduct:

Table 05: Aggregated Founded misconduct Pertaining to Failure to protect and manage public funds, 2024-2025
  • Submitting timesheets for hours not worked
  • Logging in late, logging off early, or missing scheduled shifts
  • Periods of inactivity throughout the workday

The number of hours misreported ranged from 65 to 1,352 hours, whereas the number of false or missed timesheet entries ranged from 49 to 210 entries.

While some cases did not result in disciplinary action, other disciplinary and administrative measures rendered included, suspensions ranging from 5 to 30 days, rejections on probation and disciplinary terminations. Administrative measures, including financial recoveries for hours not worked, were also applied.

Failure to foster a healthy and respectful workplace

The CRA is committed to maintaining a workplace where all individuals feel safe, respected, and valued. Any form of harassment or violence—including actions, conduct, or comments that could reasonably be expected to cause offence, humiliation, or physical or psychological harm—is taken seriously and addressed through appropriate disciplinary action. The Agency continues to promote a culture of civility and inclusion through training, awareness, and leadership accountability.

In 2024-2025, there were 31 cases of founded misconduct related to failure to foster a healthy and respectful workplace. Of these, 20 involved behaviour that contributes to poisoning the work environment.

Below are summarized examples of cases that occurred for this category of misconduct:

Table 06: Aggregated Founded misconduct Pertaining to Failure to foster a healthy and respectful workplace, 2024-2025
  • Aggressive or disrespectful language towards supervisors or the public via MS Teams or email
  • Inappropriate behaviour toward colleagues or the public by phone, MS Teams, email, or physical contact

While some cases did not result in disciplinary action, other disciplinary measures rendered included oral reprimands, written reprimands, and suspensions ranging from 1 to 10 days.

Comparative Overview

To better understand the significance of this year’s founded misconducts, this section compares 2023-2024 and 2024–2025 data to highlight different insights. For data points with very few founded misconduct cases, increases or decreases are likely only normal year-to-year variation and were excluded from this section. However, in categories with larger relative shifts, the increase is large enough to suggest more than random fluctuation and was included in the present section.

Because results can be influenced by both reporting and detection practices as well as employee behaviour, it will be important to continue monitoring over several years to see if these shifts persist and how we may interpret them.

Year-over-Year Comparison Footnote 14

Disciplinary Measures Outcomes

Disciplinary data remained generally consistent with the previous year. However, several notable changes emerged:

Investigative Authorities

This year again, Internal Affairs remains the primary source of investigative authorities that led to discipline (157). It is worth noting that management-led investigations rose to 44% (75 to 108) Footnote 15.

Misconduct Patterns

Overall, founded misconduct increased by 15% compared to the previous year, rising from 322 to 370. This corresponds to a ratio increase from 5.1 to 6.6 cases per 1,000 employees. Future reports will continue to monitor these figures to identify potential trends.

As the figure below illustrates, each category of misconduct saw different changes, notably:

Figure 03 – Founded Misconduct by categories, 2023-2024 and 2024-2025 Footnote 16

Misconduct by categoires
Image description

This figure is a clustered bar chart comparing founded misconduct cases by category for 2023–2024 and 2024–2025. Six categories are shown:

  1. Failure to foster a healthy and respectful workplace:
    • 38 founded cases in 2023–2024, represented by a grey bar.
    • 31 founded cases in 2024–2025, represented by a dark purple bar.
  2. Failure to protect and manage public funds:
    • 35 founded cases in 2023–2024, represented by a grey bar.
    • 42 founded cases in 2024–2025, represented by a dark purple bar.
  3. Failure to protect CRA’s assets and property:
    • 33 founded cases in 2023–2024, represented by a grey bar.
    • 53 founded cases in 2024–2025, represented by a dark purple bar.
  4. Failure to protect CRA’s reputation:
    • 74 founded cases in 2023–2024, represented by a grey bar.
    • 111 founded cases in 2024–2025, represented by a dark purple bar.
  5. Failure to protect information:
    • 140 founded cases in 2023–2024, represented by a grey bar.
    • 131 founded cases in 2024–2025, represented by a dark purple bar.
  6. Other:
    • Close to zero founded cases in both 2023–2024 and 2024–2025, represented by grey and dark purple bars.

Key insight: The highest number of founded misconduct cases in both years related to failure to protect information and failure to protect the reputation.

Table 07 below offers a more granular analysis of year-over-year changes in types of misconduct, organized by category of misconduct. Footnote 17

Table 07 – Misconduct Types Insights per categories, 2023-2024 and 2024-2025 Footnote 18

Misconduct Types per categories
Category Year-Over-Year Comparison
Failure to Protect and Manage Public Funds Falsified attendance increased from 17 to 36 founded misconduct cases
Failure to Protect our Assets and Property Unauthorized use of CRA or taxpayer facilities or property increased by 15 founded misconducts
Failure to Protect CRA’S Reputation Insubordination increased from 17 to 36 founded cases of misconduct.
Conduct that could negatively affect the CRA’s image increased from 13 to 25.

Disciplinary Measures - Five-year Retrospective Footnote 19

As the figure below illustrates, an overall increase in disciplinary measures rendered was observed from 2020 to 2025. The early years of the period (2020–2022) were likely influenced by the COVID-19 pandemic context—which may have contributed to fewer disciplinary measures due to remote work and operational disruptions. The 2024-2025 data with 266 measures may reflect an increase in reported or detected misconduct, or more consistent enforcement.

Figure 04 – Number of Disciplinary Measures and Proportion Relative to Employee Count, 2020–2025

Misconduct by categoires
Image description

This figure is a vertical bar chart that shows the number of disciplinary measures at the CRA by year, along with their proportion relative to total employee count. Each year is represented by a single dark purple bar. Categories (Years):

  1. 2020–2021:
    • 142 disciplinary measures, represented by a dark purple bar.
    • Equivalent to 0.29% of the employee population.
  2. 2021–2022:
    • 198 disciplinary measures, represented by a dark purple bar.
    • Equivalent to 0.34% of the employee population.
  3. 2022–2023:
    • 225 disciplinary measures, represented by a dark purple bar.
    • Equivalent to 0.36% of the employee population.
  4. 2023–2024:
    • 225 disciplinary measures, represented by a dark purple bar.
    • Equivalent to 0.36% of the employee population.
  5. 2024–2025:
    • 266 disciplinary measures, represented by a dark purple bar.
    • Equivalent to 0.49% of the employee population.

Key insight: The number of disciplinary measures steadily increased over the five-year period, peaking in 2024–2025.

Forward-Looking Considerations

The absolute number of founded misconduct increased by 48 and disciplinary actions increased by 44 compared within the previous fiscal year Footnote 20. This increase may be influenced by improved detection, heightened awareness activities, and broader organizational changes such as increased onsite presence requirements and budget constraints. Given the workforce (~55,000), these counts remain low in relation to the size of the population, but this year-over-year rise warrants attention and continued monitoring.

Since next year’s report will cover more than two years of data, there will be an opportunity to apply statistical monitoring methods that help distinguish genuine trends from single-year fluctuations.

Conclusion

This second annual report reaffirms our continued commitment to integrity, transparency, and accountability across the Agency. It reflects the concrete actions taken to investigate and address misconduct and wrongdoing and underscores the importance of maintaining a workplace grounded in respect, professionalism, and integrity.

While instances of misconduct may occur, they do not define the character of our organization. With 99.5% of CRA employees not subject to a finding of misconduct last year, the vast majority demonstrate integrity and dedication in their service to Canadians every day. It is this collective commitment that strengthens public trust and upholds the values we stand for.

Through a robust Integrity Framework, clear policies, and ongoing training and awareness initiatives, we are equipping employees and leaders with the tools they need to act responsibly and confidently. We are also fostering a culture where individuals feel safe and supported in reporting concerns, knowing that appropriate actions will be taken.

The publication of this report is not only a reflection of the work done—it is a step forward in our journey of continuous improvement. Together, we will continue to build a workplace that reflects the highest standards of conduct and the shared values that guide our service to Canadians.

Appendix A - Internal Reporting mechanisms for employees

Disciplinary measures
Legend
Image description

This flowchart outlines the different internal mechanisms available for employees to report various workplace issues. Each type of issue is paired with corresponding reporting channels and indicates whether the mechanism is anonymous or confidential, as explained in the legend.

Categories and Reporting Mechanisms:

  • Misconduct:
    • Report to the Manager (confidential).
    • Contact the Internal Affairs Division via fax or mail (anonymous).
    • Contact the Internal Affairs Division via email (confidential).
    • Report to the CRA anonymous internal fraud and misuse reporting line (anonymous).
  • Wrongdoing:
    • Report to the Senior Officer for Internal Disclosures at the Internal Disclosure Office (confidential).
  • Immediate danger or threat of danger to health and safety:
    • Report to the Manager (confidential).
    • Contact the Local Security Official (confidential).
    • Contact the Police (confidential).
  • Harassment and Violence:
    • Report to the Manager (confidential).
    • Use the Grievance Procedure (confidential).
    • Contact the Harassment and Violence Officer or the Harassment and Violence. Prevention Centre (confidential).
  • Discrimination:
    • Report to the Manager (confidential).
    • Use the Grievance Procedure (confidential).
  • Privacy Breach
    • Report to the Manager (confidential).
    • Contact the Local Security Official (confidential).
    • Use the CRA anonymous internal fraud and misuse reporting line (anonymous).

Legend:

Anonymous Mechanism - Identifying information of individual persons is not collected. To remain anonymous, employees should not provide any personal information or any information that would identify them.

Confidential mechanism - Personal information must be collected, used, disclosed, stored, and disposed of in accordance with the Privacy Act, its Regulations, and related policies; and limited information may be shared as required with parties having a vested interest on a need-to-know basis only.

Appendix B - External Reporting mechanisms for employees Footnote 21

mechanisms for employees
Image description

This flowchart outlines the different external mechanisms available for employees to report various workplace issues.

  1. Wrongdoing:
    • Contact the Office of the Public Sector Integrity Commissioner
  2. Discrimination:
    • Contact the Canadian Human Rights Commission
  3. Harassment and Violence:
    • Contact the Employment and Social Development Canada Labour Program

Appendix C - Roles and Responsibilities

Audit, Evaluation, and Risk Branch:

Internal Disclosures Office, Audit, Evaluation, and Risk Branch

The mandate of the Internal Disclosures Office (IDO) is to allow employees to bring forward information concerning wrongdoing at the CRA, and to ensure they are treated fairly and are protected from reprisal when they do so in good faith in a manner consistent with the Public Servants Disclosure Protection Act.

When a matter, such as a human resources issue, could be more appropriately addressed using another process or recourse mechanism, the employee may be advised by the Internal Disclosures Office to explore those avenues (such as a grievance, the Informal Conflict Resolution Program, workplace harassment and violence prevention and resolution procedures, etc.). For more information and contacts, employees should refer to the CRA’s Internal Disclosures Office.

Each year, the Chief Human Resources Officer of the Treasury Board of Canada publishes the Annual Report on the Public Servants Disclosure Protection Act (PSDPA), which presents a portrait of disclosure activities in the federal public sector made in accordance with the internal procedures established under the PSDPA.

Human Resources Branch:

Values, Integrity and Workplace Policies and Programs Division, Human Resources Branch

The Values, Integrity and Workplace Policies and Programs Division directs the development of a comprehensive Values and Ethics Program and associated policies, strategies and initiatives, including the Integrity Framework, the Code of Integrity and Professional Conduct, Conflict of Interest portfolio, and Political Activities Program to ensure that the integrity of the Agency remains at the forefront amongst tax administrators nationally and internationally. The Labour Relations Policy and Program section is responsible for the Directive on Discipline, the Procedures for addressing employee misconduct and supporting tools. They also provide functional direction to the Workplace Relations Centres of Expertise and the Workplace Inquiries Centre.

Workplace Harassment and Violence Prevention, Human Resources Branch

The Harassment and Violence Prevention Centre works with managers and employees to effectively prevent occurrences of workplace harassment and violence. They aid in the resolution of the occurrences with a focus on preventing future occurrences. The Centre is responsible for the operational oversight consistent with the Canada Labour Code (CLC) Part II and the Work Place Harassment and Violence Prevention Regulations. For more information and contacts, employees should refer to Addressing an occurrence of workplace harassment and violence. The CRA considers any threat or act of harassment and violence, by or against employees, to be acts of misconduct, but the Harassment and Violence Prevention Centre does not address harassment and violence from a misconduct perspective. When managers become aware of allegations of misconduct, and at each stage of the discipline process, they must consult with a labour relations advisor within the regional Workplace Relations Centre of Expertise. The workplace harassment and violence resolution process is not intended to be adversarial, find fault, or correct individual behaviour through discipline. It is a health and safety process.

Workplace Inquiries Centre, Human Resources Branch

The Workplace Inquiries Centre (WIC) provides information on available prevention, resolution, and formal recourse processes to both managers and employees. They are responsible for reviewing and investigating allegations of misconduct related to discrimination, harassment, and violence when they are referred by management following consultation with Labour Relations. The WIC is also responsible for the investigator procurement process supporting the acquisition of external investigators as the need arises. For more information and contacts, employees should refer to Workplace Inquiries Centre.

Workplace Relations Centre of Expertise (Regions), Human Resources Branch

The Workplace Relations Centre of Expertise is present within every Region at the CRA. Each Centre of Expertise actively supports compliance with the Directive on Discipline and related corporate policy instruments. They also provide consultation services and support to management, including on how to apply the Directive on Discipline, the Procedures for addressing employee misconduct, and relevant application tools.

Public Affairs Branch:

Privacy and Access Policy Division, Public Affairs Branch

The Privacy and Access Policy Division plays a key role in supporting the Chief Privacy Officer in overseeing privacy compliance across the CRA. Its responsibilities include managing privacy breaches, coordinating privacy assessments, and developing and advising on policies and procedures to strengthen privacy and access to information management at the CRA.

As the CRA’s centre of expertise on privacy and access to information policy, the division also ensures the CRA meets its statutory obligations under the Access to Information Act and the Privacy Act. This includes providing training and awareness opportunities to help employees understand and fulfill their responsibilities under both Acts.

Security Branch:

Internal Affairs Division, Security Branch

The mandate of the Internal Affairs Division (IAD) is to provide national services for administrative investigations into allegations or suspicions of employee misconduct. The Agency Security Officer (ASO) is functionally responsible for the management of the Agency's security program. The ASO has delegated the IAD to conduct administrative investigations. This Division is responsible for the CRA anonymous internal fraud and misuse reporting line. The CRA established this reporting line to provide employees with a secure and trusted way to report suspicions or knowledge of internal fraud and misuse. To ensure the highest level of privacy and confidentiality, the line is managed by a third party, offering an additional layer of trust for those who may not feel comfortable using the organization’s existing internal channels. For more information and contacts, employees should refer to How to report internal fraud and misuse.

Personnel Risk Assessment Division, Security Branch

The Personnel Risk Assessment Division evaluates security risks related to CRA employees, assets, and information, particularly following the conclusion of an Internal Affairs investigation into allegations of misconduct.

If warranted, a formal review is initiated, including a Resolution of Doubt (ROD) interview. The ASO decides whether to maintain or revoke the individual’s security status or clearance. A revocation leads to termination of employment for non-disciplinary reason because maintaining a valid security status is a condition of employment. All adverse information is retained and flagged for future reassessment in the event that the individual reapplies to work at the CRA.

External resources:

Canadian Human Rights Commission

Under the Canadian Human Rights Act, an individual or group of individuals may submit a Canadian human rights complaint to the Canadian Human Rights Commission (CHRC) related to any action or decision for which they have reasonable grounds to believe resulted in the unfair or negative treatment of a person under the prohibited grounds of discrimination.

Office of the Public Sector Integrity Commissioner of Canada

The Public Servants Disclosure Protection Act gives federal public service employees and others a secure and confidential process for disclosing wrongdoing in the workplace as well as protection from acts of reprisal as an alternative to employees reporting wrongdoing to their own department’s Internal Disclosures Office. For more information and contacts, employees should refer to the Office of the Public Sector Integrity Commissioner.

Other resources:

Different confidential support measures are available to CRA employees and managers to support them and restore the work environment. Employees can access information on medical, psychological, and other support services available in their geographical area through the Employee Assistance Program by contacting either their Coordinator-Counsellor or the External Service Provider. They also have access to the Informal Conflict Resolution services in order to help prevent or resolve a workplace conflict.

Appendix D - Definitions

The following section provides definitions of some key concepts central to this report.

Administrative measure refers to a range of corrective actions such as training, coaching, recovery of funds, modifying the employee's system access, revocation of security status or clearance, rejection on probation, etc. If an employee is incapable of meeting a particular performance expectation, or of attaining the expected quality of work because of a lack of skill, ability, or training (incapacity or incompetence), then administrative measures, and not discipline should be used to correct the behaviour.

Disciplinary measure refers to the employer's response to misconduct. The goal of discipline is to deter employees from engaging in misconduct, and when misconduct does occur, to motivate the employee to correct their behaviour, and adhere to the expected standard of conduct (except in cases such as termination of employment). Disciplinary measures can include an oral or written reprimand, suspension, financial penalty, demotion, or termination of employment.

Discrimination is any action, decision, policy or process in matters relating to employment with the CRA that differentiates adversely in relation to, or has an adverse effect on, an employee based on a prohibited ground of discrimination, or otherwise constitutes a discriminatory practice described in sections 7 to 14.1 of the Canadian Human Rights Act.

Harassment and violence, as per the Canada Labour Code, is any action, conduct or comment, including of a sexual nature, that can reasonably be expected to cause offence, humiliation or other physical or psychological injury or illness to an employee, including any prescribed action, conduct or comment.

Misconduct is defined as a willful action or omission by an employee that contravenes an act, a regulation, a rule, the Code of Integrity and Professional Conduct, or a CRA corporate policy instrument, and which may result in disciplinary action.

Security incident refers to any event that may threaten the safety, security, or integrity of CRA employees, assets, or information.

Wrongdoing as defined in section 8 of the Public Servants Disclosure Protection Act:

  1. a contravention of any Act of Parliament or of the legislature of a province, or of any regulations made under any such Act, other than a contravention of section 19 of this Act;
  2. a misuse of public funds or a public asset;
  3. a gross mismanagement in the public sector;
  4. an act or omission that creates a substantial and specific danger to the life, health, or safety of persons, or to the environment, other than a danger that is inherent in the performance of the duties or functions of a public servant;
  5. a serious breach of a code of conduct established under section 5 or 6; and
  6. knowingly directing or counselling a person to commit a wrongdoing set out in any of paragraphs (a) to (e).

Page details

2026-01-28