Intercon not liable for $1 million robbery

Former security guard stole money from Royal Bank ATMs but the bank, not his employer, gave him the means to steal the cash

The former employer of a security guard who stole more than $1 million from Royal Bank cash machines was not liable for the thefts, the Ontario Superior Court of Justice ruled.

Royal Bank sued Intercon Security Ltd. after a security guard broke into 11 bank branches in Ontario between Jan. 19, 1994, and Aug. 26, 1996, claiming Intercon was vicariously liable for the guard’s actions.

The bank said Intercon gave the worker the opportunity to commit the thefts and enhanced the likelihood he would steal from the bank or, alternatively, that Intercon failed to maintain sufficient control of the bank’s keys, among other transgressions.

Hornett's background

David Hornett started working for Intercon in 1991 as a security guard. He was later transferred to a mobile response division. He would patrol in a fixed geographical area, checking the premises of clients and responding to alarms. When responding to an alarm, he would first examine the exterior and then enter the building.

He would enter with the use of a key, which he would obtain from a box of keys in numbered envelopes in the trunk. He received the box of keys at the start of each shift. He would only learn which envelope contained the key for the building when the dispatcher told him the envelope number in order to enable him to respond to an alarm.

When he used a key, he was required to record his use of it in a logbook and place the key in a canvas bag along with the envelope it had been in. At the end of each shift, the key box and its contents and the logbook were turned over to the key administrator.

The idea for the theft

On Jan. 13, 1994, Hornett was dispatched to a Royal Bank branch in Toronto at 1 a.m. An automated teller machine (ATM) alarm had been set off accidentally by ATM service staff. One week later, this would become the first branch Hornett would rob.

Hornett noticed that none of the Royal Bank branches appeared to have perimeter alarms, door alarms or motion alarms. They only had vault alarms and panic buttons. There were surveillance cameras in the branches, but they were pointed at public areas — not the entrance and not the ATM room.

He noticed that the back of each ATM was a safe with two combination dials and a handle. Each dial had a coloured dot, one yellow and one blue. Next to each safe were two mini-safes, one yellow and one blue, matching the colour of the dots. Each mini-safe was about six inches in length, width and height, with a slot in the side and a combination dial on the front. Hornett surmised, correctly, that these contained the combinations for the ATM safe.

The first robbery

On Jan. 20 he got together with a friend and went to the Toronto branch he had responded to the alarm at a week earlier. He entered using a key he had obtained from Intercon, though he testified he did not recall precisely when or how he got the key.

When in the bank, the pair went directly to the ATM room. They then attempted to remove pieces of paper through the slots in the two mini safes. This proved to be a difficult, time-consuming process. When they got the pieces of paper out, they discovered each had three numbers written on them. They tried to use these combinations to open the ATM safe, but were unsuccessful. The dials on the combination locks did not operate like typical high-school locker combinations.

Just when the thieves were about to call it a night and leave empty-handed, one of them spotted a manual for the ATMs on a nearby shelf. The manual contained a section that outlined the procedures for using the combinations. With some difficulty, they were able to open the vault after 20 minutes of work. Opening the vault triggered an alarm, and the pair escaped with the cash. They were in the bank for about four or five hours and they took the surveillance tape with them when they left.

Emboldened by their success, they decided to commit a series of additional thefts, all on the same night. On Feb. 12, 1994, four Toronto Royal Bank branches were robbed in the same manner, again using a key from Intercon.

Hornett voluntarily resigned his position with Intercon on April 4, 1994, prior to the commission of the last six thefts. In later thefts, he didn’t use a key and simply spun the locks out of the doors to gain access to Royal Bank branches across southern and southwestern Ontario.

The court's decision

The Ontario Superior Court of Justice said Intercon was not vicariously liable for Hornett’s actions. Using the Salmond test, the court said employers are vicariously liable for employee acts authorized by the employer or unauthorized acts so connected with authorized acts that they may be regarded as modes, albeit improper modes, of doing an unauthorized act.

Hornett’s actions were not authorized by Intercon, nor did his employment give him the opportunity to steal from the ATMs, the court said. His employment did not authorize him to be on the bank’s premises when not responding to an alarm, when off duty or to be in possession of a key when off duty. Therefore, his conduct was not sufficiently related to his employment.

The fact he had a key was unimportant, the court said, because it was clear the branches were vulnerable to entry regardless of access to door keys.

“The bank was aware of this risk and chose to run it,” the court said. “It keyed its doors with low security keys. It had no entry alarm system. It had no motion alarm system. It had no surveillance cameras designed to record unlawful entries.”

So while his employment with Intercon undoubtedly gave him the idea to steal from the ATMs and the opportunity to enter a branch, it did not provide him with the means to steal the money.

“Those means were readily provided by the bank to any clever intruder,” the court said. “The combinations to the machines were conveniently available in boxes near the ATMs with slots in the boxes enabling the combinations to be removed. And the intricate method for using the combinations was described in manuals that were readily accessible to intruders on shelves above the ATMs. It was foreseeable to the bank that an intruder could gain access to the ATMs. It was not foreseeable to Intercon that one of its employees could do so.”

Using the factors set out by the Supreme Court of Canada in Blackwater (see box below), the court said it was clear Intercon could not be held liable for Hornett’s actions.

It did not give him the opportunity to abuse his power. The wrongful act did not further Intercon’s aims — in fact, it did the opposite. It undermined its relation with the bank and had the potential to undermine its reputation.

Hornett only had access to the bank when an alarm was tripped. He was not stationed there nor was he in control of the premises. Taking these factors, and others, into account the court said there was at best a weak connection between his employment and the thefts and the bank itself was negligent with its own ATM security practices.

For more information see:

Royal Bank v. Intercon Security Ltd., 2005 CarswellOnt 5922 (Ont. S.C.J.)



The Supreme Court on vicarious liability

IN 2005 the Supreme Court of Canada summarized the concept of vicarious liability, and when employers could be held responsible for the actions of their employees, in the case of Blackwater v. Plint:

“The fact that wrongful acts may occur is a cost of business. The imposition of vicarious liability in such circumstances serves the policy ends of providing an adequate remedy to people harmed by an employee and of promoting deterrence.

“When determining whether vicarious liability should be imposed, the court bases its decision on several factors, which include (a) the opportunity afforded by the employer’s enterprise for the employee to abuse his power; (b) the extent to which the wrongful act furthered the employer’s interests’ (c) the extent to which the employment situation created intimacy or other conditions conducive to the wrongful act; (d) the extent of power conferred on the employee in relation to the victim; and (e) the vulnerability of potential victims.”

To read the full story, login below.

Not a subscriber?

Start your subscription today!