6 challenges for compliance officers in 2020

The job of a compliance officer can be a difficult one. Organisations from large corporations down to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements, and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.

The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions around the world, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, or individuals, or both. Here are some of the biggest challenges facing compliance officers today:

 1. Anti-money laundering (AML) regulations

The Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. In the European Union, this resulted in the 5th Money Laundering Directive (5MLD), which takes effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.

In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.

5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.

2. Conflicts of interest

Risks related to conflicts of interest are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that either suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues and transparency becomes even more important in these contexts.

This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.

Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities. Most major organisations – and their compliance officers – see outside business activities as a risk.

3. Innovation driving new demands

New innovations are providing increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.

For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.

4. Regulatory and political change

Recent years have seen a flurry of new regulations from various governmental bodies and jurisdictions, from the General Data Protection Regulation (GDPR) act to 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.

In Europe, Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.

Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.

5. Personal liability

One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middle men” and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope. Many compliance professionals are aware of this, as a recent Thomson-Reuters survey found that 60% of them expect personal liability to increase.

New initiatives underline this reality, such as the Senior Managers and Certification Regime (SCMR) in Europe. It places a focus on firms’ senior managers and individual responsibility, and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures and they will apply to industries beyond those in the financial sector.

6. Ethics and integrity

Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.

The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.

In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professional. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.

Let us know if you would like to learn more! Contact us today and get your FREE QUOTE now!

 

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

 

3 ways to protect your Company’s Reputation

In today’s connected business world, there are very few secrets. United Airlines, for example, recently learned the hard way that one ugly incident can go viral and spread around the world in a matter of minutes – not hours, days or weeks. protect company reputation

United initially faced criticism over the rough treatment of a passenger being removed from one of their planes. Then, the company learned a second lesson when its CEO’s response to the crisis seemed somewhat disconnected and uncaring. United was in the middle of a reputational crisis, and its first official response to angry consumers only added more fuel to the fire. Later, the CEO offered an apology and a more compassionate statement – but the damage was done.

There are lessons to be taken from this and other high-profile cases where companies have seen their reputation, which they’ve worked hard to cultivate, trashed in the public spotlight. The fact is, things happen, and no company has a guaranteed way to safeguard their reputation from ever being dinged or facing scrutiny, whether fair or not. But there are ways to mitigate the damage and help ensure your company survives the crisis, and can rebuild its reputation in a positive way.

Know that people are talking about you

In the age of Twitter, Facebook, Yelp and other social engagement sites, people are keen to talk about what they like, dislike, what they wish would be better, and anything else on their mind. That includes your company and your products or services. Accept this and embrace it. Engage with people who post on social media when appropriate, and always in a polite and respectful manner. When there is a legitimate problem, communicate that you are taking the matter seriously and looking to resolve it, and then do so.

1. Be transparent

A way to be proactive in your engagement with others is to ask for feedback. Then be prepared to address it, good or bad. Consumers, stakeholders and even your own employees will be impressed by the open lines of communication and an honest dialog. In this way, you can strive to improve your services and offerings and show that you are receptive to your client’ needs.

2. Protect your customers’ data

Nothing can destroy your reputation among your clients and customers quicker than having to tell them their personal information, which was entrusted to you to remain private and protected, is now in the hands of hackers or criminals because you suffered a security breach. Even worse is when they learn that your company did not take all the measures necessary, or even the most basic ones, to prevent such a breach from occurring. Not only might you be criminally liable, but customers will run from you, not wanting to take a risk that something like that could happen again in the future. In today’s high-risk environment, you must have the most sophisticated and up-to-date security measures in place to protect your date – and your reputation.

3. Conduct due diligence

How much do you know about your third-party partners – those suppliers and contractors that you’ve trusted for years, or new ones with whom you seek to engage? An unethical partner can have serious effects on your own company’s reputation – bribery, corruption, supply chain problems are all issues that can end up tainting your own business and causing your customers to lose trust in your products or services. Conducting thorough due diligence, with background checks and full risk assessments, is the only way to help protect your reputation from potential harm.

It may feel sometimes like your company’s reputation is out of your control. However, there are steps you can take to help manage your reputation and help steer the conversation. It becomes more difficult when you wait, and try to undo later the damage that has already been done. That’s why being proactive in maintaining a positive reputation is the best strategy. Contact CRI Group today and let us help you stay on the path to managing your message and your reputation.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Top 4 Red flags during a Merger & Acquisition

The business world is often transitional, and the landscape changes as entities grow or industries change – and the players involved have to change with it. Mergers and acquisitions are examples of these “transitional times,” and they are also among the most critical times to conduct proper and thorough due diligence.

There are inherent risks involved with the “unknown factor” that outside entities represent. By nature, merging with another entity, or acquiring it altogether, can be an exciting time, but background screening is especially crucial at this juncture.

When conducting due diligence before a merger or acquisition, what are some of the red flags that should make you take a closer look?

CRI® Group has conducted numerous due diligence engagements for clients undertaking major business deals. Our agents have also conducted many investigations for organisations that failed to do proper due diligence, and as a result became victims of fraud. Our findings in those investigations have provided a road-map of things to look for, and be cautious about, when in the pre-merger or pre-acquisition stage.

Here are a few red flags for any organisation undergoing a merger or acquisition:

1. Legal issues

When merging with or acquiring another entity, due diligence will uncover legal proceedings, including any troubling issues that the entity might have been trying to keep hiding. Past or current litigation or even criminal proceedings have been uncovered in background checks.

2. Credit risks

Some potential partners might be financial landmines, bringing the kind of baggage your organisation cannot afford. Has the entity claimed bankruptcy? Have they dissolved prior companies or are they faced with debtor filings? Proper due diligence will uncover these and other financial risk factors.

3. Lack of experience

If your organisation is looking to partner with a contractor or service provider, what is their experience level in the industry? Have they successfully completed past projects of a similar scale? Nothing can hurt your reputation with clients and customers more than having your deliverability affected by a contractor that cannot handle to job.

4. People problems

Hopefully, your organisation conducts thorough employee background screening of all potential and current employees. Can you say the same for the entity you are considering for a merger or acquisition? If not, the risks are great: fraud risks, criminal conduct, even employees without the needed training or skill level doing dangerous jobs could all come back to damage your own organisation and reputation. Comprehensive and thorough background screening, including of owners and principals (perhaps these are most important) will uncover such risks.

None of these red flags, on their own, are necessarily absolute roadblocks to a proposed merger or acquisition. Some scenarios can be explained, and certain circumstances simply require a fuller explanation.

But the key is having the information. In business, being surprised is generally not a good thing. This is never more true than when dealing with mergers and acquisitions.

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today and get your FREE QUOTE now!

 

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Any successful ethics and compliance strategy needs 5 key ingredients …

Once upon a time, the idea of business ethics was more of an abstract or philosophical notion that seemed more suited for discussion in a university lecture or at a business conference. Today, however, organisations of all sizes and industries must have concrete ways of addressing ethics and compliance issues as a principal component of their business processes and strategy. 

According to a study by PwC, 98 per cent of senior leaders say they’re committed to compliance and ethics; however, only 67 per cent have a process in place to identify the owners of compliance and ethics-related risks, with only a third having an officer in place for the overall compliance and ethics. Fifty-six per cent of the companies don’t have a chief ethics officer at all, and only 20 per cent have a Board of Directors that formed separate compliance and ethics committees. The study reports that 82 per cent of leaders communicated with employees on ethics, but 46 per cent of this is done in business meetings or by email. You can read the result on the full PwC website.

Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects regarding ethical behaviour and a compliance framework in place to follow. Today citizens, media, politicians and international bodies across all regions actively condemn abuses of power. And past scandals and their consequences have created a demand for increased regulations, greater transparency, and other rigorous scrutiny measures to be taken. To maintain (or regain) public trust, the ethics and compliance function has been placed at the centre of the strategic core of organisations by effective leaders.

Empower your organisation to mitigate risk!

To ensure a robust compliance and ethics strategy, five critical elements need to be implemented; 1) tone at the top; 2) corporate culture; 3) risk management, 4) a Chief Compliance Officer; and 4) testing and monitoring.

1 – Building Tone at the Top

“Tone at the top” is a term used to describe the ethical atmosphere created at an organisation or workplace by their leaders and their attitudes and behaviours. Tone at the top is vital in determining whether fraud, bribery, or corruption are likely to occur. Because all levels of management set it, it has a trickle-down effect on all employees. If the top leaders show a robust and zero-tolerance approach to fraud, employees are likely to lead by example.

An organisation with a strong ethical culture is usually led by a board of directors and senior management personnel who actively promote a culture of compliance and zero tolerance for fraud and other unethical business behaviour. Effective tone at the top will communicate to the organisation at all levels the expected type of conduct, what is considered unacceptable, and what the consequences will be for transgressions. A zero-tolerance approach should be followed at all times; it is vital in maintaining the culture of ethics and compliance at the organisation; below are some examples of failed tone at the top:

For more scandals, check out our list of the “Top 10 Bribery & Corruption Stories of 2020.

2 – Corporate culture

The prevailing norms, expectations, and recognised acceptable behaviour form the corporate culture of an organisation. By implementing an ethical code of conduct and compliance with all regulations a part of those norms, the organisation will help promote positive behaviour and integrity among its staff. 

You might be making assumptions that your employees know how to conduct themselves ethically when, in fact, this expectation only exists in a grey area in their minds – if at all. Some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company on the whole.

Similar to establishing an effective tone at the top, fostering a positive corporate culture hinges on effective communication, and it needs to permeate different layers of the organisation. In other words, sending occasional emails about ethical behaviour isn’t enough to influence the culture at a company. Develop videos, team-building exercises, new employee orientations, and employee appreciation events; these provide opportunities to recognise positive behaviour and reinforce the company’s values. When employees see their colleagues being recognised and rewarded for maintaining a compliant and ethical corporate culture, they are more likely to help cultivate an ethical workplace. When the tone at the top and corporate culture are tied together, everyone understands what is acceptable and expected in being a part of the organisation’s success.

3 – Risk management: perform risk assessments

Risk management is identifying, evaluating, and prioritising risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events to maximise the realisation of opportunities. In other words, before you establish an ethics and compliance framework – first, a risk assessment should be conducted to uncover any vulnerabilities that need to be addressed with new processes. 

Risk assessment breakdown: Identification, Analysis, Evaluation   

This means you need to assess how your business is conducted. So ask yourself:

  • Have the various roles at the company been appropriately allocated, and is there a proper separation of duties?
  • Are employees qualified for their responsibilities?
  • Is the workforce trained to recognise the red flags of unethical behaviour and fraud?

Once the risks are identified, they can be isolated and addressed as part of your organisation’s comprehensive approach to ethics and compliance. The risks should be prioritised:

  • Which ones pose an immediate threat?
  • Could they effectively shut down the business?
  • Do they pose a risk of financial, legal, or reputational risk – or all of the above?

Once prioritised, the identified risks should be assigned to critical members of the organisation. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk.

4 – A Chief Compliance Officer (CCO)

The implementation of a robust ethics and compliance strategy can give your organisation a competitive edge. A compliance officer or a CCO plays an essential and crucial role in the implementation. They are tasked with the day-to-day responsibility of overseeing the management of compliance and ethical risks whilst ensuring that the organisation is in compliance with the various regulatory requirements and that employees adhere to internal procedures and policies. Oversight should be provided by the board of directors (or ownership and executives) to ensure that problem areas have been adequately addressed and the organisation is taking a proactive approach to mitigating risk. 

5 – Testing and monitoring

When all the new processes have been implemented (the anti-fraud policy and employee code-of-conduct, anti-bribery and anti-corruption training and policies, allocation of duties and responsibilities, an anonymous reporting -hotline- process for unethical behaviour), a thorough testing and monitoring regimen is critical to ensure the new process is working. 

It is important to remember that having the best processes on paper won’t make a positive difference on its own. You need to monitor how they are being used and their success. A schedule should be in place that promotes frequent, regular check-ups of the ethics and compliance controls, with metrics that show results (i.e. surprise audits). A surprise audit is an effective way to test if any new controls have reduced the flagged irregularities. Before implementing ethics and compliance controls, the risk assessments should have identified risk areas with the new processes to mitigate that risk. Only by testing and testing frequently can the organisation determine if the new controls have the desired effect. If they are not, the company should develop new solutions that specifically robustly target these problem areas – and, in time, test them again.

Addressing ethics and compliance issues at an organisation can be a daunting task. However, with careful preparation, expert help, and a common-sense approach, any organisation can develop or enhance its corporate culture to be proactive in mitigating ethics and compliance risks. The benefits will be obvious – increased productivity, better security, and empowered employees who understand that their organisation values integrity and an ethical work environment.

Create a zero-tolerance approach to fraud with ISO 37001 ABMS

Creating a zero-tolerance approach to fraud doesn’t happen overnight. When your organisation enrols in ISO 37001:2016 ABMS training and certification, the program involves your entire team. The training helps establish an ethical culture by educating your employees on the following:

  • What constitutes fraud, corruption, and bribery, and why these are so damaging to business
  • How to identify red flags of fraud, corruption and bribery
  • The process for reporting fraudulent and unethical acts
  • The organisation’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches and prosecute unethical acts
  • The severe ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career

Employees shouldn’t be expected to follow a code of conduct that they aren’t aware exists. That’s why ISO 37001:2016 ABMS creates a communication plan through which organisation leaders regularly communicate their ethical behaviour expectations to the staff periodically. Read more on how to build trust in the workplace with ISO 37001 Certification.

About CRI Group

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Speak up – report any illegal, unethical, or improper behaviour

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal communication channels or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy. COMPLIANCE HOTLINE