Oil and Energy Companies Look to ISO 37001
In December 2017, the world’s largest builder of offshore rigs agreed to pay $422 million in penalties after entering a guilty plea for bribery charges connected with the Petroleo Brasileiro (Petrobras) scandal. Keppel Offshore & Marine Ltd. made illicit payments to both Petrobras officials and government representatives for more than a decade, between 2001 and 2014 (Reuters, 2017).
The sweeping multimillion-dollar bribery scandal that rocked Petrobras led to numerous investor lawsuits and the downfall of disgraced government officials. It also served as the embodiment of the huge risk of bribery and corruption that confronts the entire oil and energy sector.
Such a scandal is less surprising when one considers the scale of the oil and energy sector. It is a massive portion of the world’s economy, dealing mainly in petroleum – including upstream (exploration, development and production of crude oil or natural gas) and downstream (oil tankers, refiners, retailers and consumers) pipeline. As a raw material, petroleum is used for a number of chemical products, including pharmaceuticals, fertilisers, pesticides, solvents, and plastics.
The need to prospect, discover, and realise oil and energy production in various (and often far-flung) locations adds to the sector’s vulnerability to fraud – but geographic considerations aren’t the only risk factors. Perhaps even more impactful is the complexity of business relationships required to operate in the industry – relationships with governments, contractors, regulators, investors/venture partners, equipment suppliers and other parties. Every such interaction and dealing can be considered susceptible to bribery and corruption where cutting corners may be considered profitable or even perceived to be “business as usual.”
Contributing to the risk is the volatile nature of oil and energy prices (along with all levels of the production chain), along with increasing global demand. This drives oil and energy companies to expand into new areas and markets that might carry a higher risk of bribery and corruption, including undeveloped, third-world countries with few controls, lax enforcement, or both. The reality, however, is that when bribery and corruption continue unabated, everyone loses – companies and governments are affected financially, and economic instability is increased.
ISO 37001 Anti-Bribery Management System standard
There is a solution that oil and energy companies can implement to help prevent and detect bribery and corruption: the ISO 37001:2016 Anti-Bribery Management System standard. The standard requires organisations to implement a series of procedures to prevent, detect and address bribery on a reasonable and proportionate basis according to the type and size of the organisation, and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, for organisations in the oil and energy sector that operate across global boundaries, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act.
ABAC Center of Excellence Limited is accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 ABMS certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit.
Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC Certification team will increase the scale of the investigation if they determine that a specific process presents a higher risk. Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.
A separate audit method is a process-based approach where ABAC Certification examines the organisation’s processes while considering the interaction between those processes. Finally, there is a sampling-based audit approach where ABAC Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.
The audit is extremely thorough in its approach, which results in an accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery.
Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.
Lessons to learn
In the Keppel Offshore bribery and corruption case, implementing the measures above would have severely mitigated the risk that such a scandal could take root, much less proliferate over 13 years. The certification process involves a number of steps that include on-site audits to reveal any non-conformities – red flag areas that indicate a heightened risk of bribery and corruption. Such an assessment would have uncovered serious problems in Keppel Offshore’s processes, for example, and required corrective action plans to bring the organisation into compliance with its anti-bribery policy.
As corporations like Petrobras and Keppel Offshore have learned, there are deep repercussions for not taking proper preventative action with a robust anti-bribery management system (ABMS). The increase of anti-bribery and corruption legislation cannot be ignored by oil and energy companies, given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments and their publics become increasingly intolerant of fraud, bribery and corruption. Major media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.
By extension, enforcement efforts are also being stepped up. Existing penalties are being applied with more regularity and new ones added with stronger impacts, including imprisonment and large fines – adding to the reputational damage that can occur as a result of bribery and corruption. Laws like the UK Bribery Act are being applied in force across international borders to put teeth in efforts to prevent, detect and punish corrupt corporate behaviour. While ISO 37001:2016 certification does not provide a shield against such enforcement measures, applying its standards can be considered a “good faith measure” for companies facing the consequences of bribery and corruption incurred in the past – and the measures prescribed by ISO 37001:2016 will no doubt have a mitigating effect on risk factors and the scale and scope of future acts of bribery and corruption should they occur.
Conclusion
With so much at stake in terms of money and resources, it should be no surprise that the oil and gas industry is rife with bribery and corruption. In today’s business climate, taking every step possible to prevent and detect bribery and corruption is more than just good business sense: It is essential to ensure a successful future. Implementing a worldwide recognised standard like ISO 37001 is a critical step forward for any organisation in the oil and energy industry.
Pharma and Healthcare Companies can Benefit from ISO 37001
When global pharmaceutical giant GlaxoSmithKline found itself in the Chinese government’s crosshairs for an alleged large-scale bribery scandal, there was perhaps little doubt that the consequences would be large-scale, as well. GSK was accused of systematically paying bribes and “gratuities” to doctors and hospitals in return for favourable product use and promotion.
China was in the midst of an emerging anti-graft campaign and imposed tough penalties against GSK and its executives: In the end, various company leaders were arrested and eventually given suspended prison sentences; GSK was fined $490 million; and the corporation published a statement of apology to the Chinese government and its citizens.
GSK’s fraud was arguably symptomatic of a widespread problem among pharmaceutical companies and healthcare providers (also called “life sciences” providers) with bribery and corruption in economies and healthcare markets around the world. Despite increased awareness of the problem and the application of sophisticated anti-fraud mechanisms, individual actors and agencies continue to defraud public and private health systems in the same ways exemplified by GSK in China.
Generally speaking, healthcare and pharma present a target-rich environment for fraud. Quantitative data indicate that healthcare fraud has already risen starkly in recent years. The World Health Organisation (WHO) estimates that, where losses have been measured and the types of health expenditure have been covered, the average annual cost of fraud totals 7.29 per cent of healthcare budgets (Gee and Button, 2014). With rapidly ageing populations and the increased costs of providing long-term care placing substantial pressure upon already overburdened health and social care sectors, healthcare spending will continue to increase worldwide. Unfortunately, this will also bring increased fraud schemes, as fraud perpetrators follow the money.
Bribery and corruption will continue to be a part of this upward trend in fraud. Certainly, not all cases are as broad and sweeping as GSK’s – in some cases, corruption occurs simply because the pharma or healthcare entity doesn’t have proper controls in place to uncover red flags. This also raises serious compliance issues in a landscape that has increasingly stringent regulations and enforcement measures to punish organisations that fail to implement proper anti-bribery and anti-corruption management procedures.
CRI Group investigates: Pharma corruption case included CFO
A major pharma company suspected bribery and corruption among some of its senior employees. The client’s corporate security department had received conflict of interest complaints that reportedly involved a range of employees, from sales personnel on up to the chief financial officer (CFO).
An outside investigation firm was called in to launch a risk assessment of the company’s third-party relationships, which included several interviews with identified vendors and suppliers to help ascertain the engagement process and associated risks. This process uncovered the fact that the client had no policy or code of conduct concerning ethics, compliance and standards for appointment of vendors, suppliers and local agents. Most troubling was the fact that in most cases, senior management referred business opportunities to friends and family members.
Investigators found that one of the vendors, which was deeply engaged in procurements and the supply of services for the pharma company over the past five years, raised serious red flags. The vendor’s letterhead lacked a physical address, and the only contact information listed was a single cell phone number. It was clear this vendor warranted further investigation.
Investigators used site visits, background checks and interviews to determine that the suspicious vendor was not a company at all – but a single person. Not just any person, however – a public records check with a national database revealed that this individual, who was posing as a major vendor, was none other than the brother-in-law of the client company’s CFO. Worse still was the fact that this blatant fraud was being conducted right under the noses of procurement and finance professionals at this large and well-known pharma company.
The individual’s residence was being used as a warehouse to help facilitate the fraud. A comprehensive litigation records check found that he was previously convicted in federal court and spent three years in prison for the charges of selling counterfeit products, physician samples and expired medicines; further regulatory checks found that his pharmacist license had been cancelled.
A high fraud risk environment was created through the non-compliance of specific procurement rules, and a lack of integrity due diligence and proper risk management. Also, severe conflicts of interest were exposed, connected to high-level executive positions and benefiting those in positions of power.
The pharma company was exposed to highly unethical practices and could face regulatory and other government action. Furthermore, the company was at risk of civil and criminal investigations and liability, damage to its reputation, and loss in shareholder trust, all of which could adversely affect the company’s financial well-being.
A solution through ISO 37001:2016 ABMS
The case study above is not an outlier – such corruption cases are relatively common in such a broad and complex industry. The pharma company could have prevented the scandal altogether, however, had it proactively implemented a proper anti-bribery management system (ABMS). There is a solution that pharma and healthcare companies can implement to help prevent and detect bribery and corruption: the ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001:2016 is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.
CRI Group’s ABAC Certification Services is fully accredited to offer independent ISO 37001:2016 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised worldwide. CRI Group’s auditors and analysts work with pharma and healthcare companies to develop measures that integrate with existing management processes and controls, and include:
- Adopting an anti-bribery policy
- Establishing buy-in and leadership from management
- Training personnel in charge of overseeing compliance
- Communicating the policy and program to all personnel and business associates
- Providing bribery and corruption risk assessments
- Conducting due diligence on projects, business associates and other third-party affiliations
- Implementing financial and commercial controls
- Developing reporting and investigation procedures
In the case study outlined above, having such an ABMS in place would have detected the red flags of bribery and corruption before the scandal was able to proliferate and cause so much damage to the company. Risk assessments, in particular, would have uncovered the lack of due diligence procedures and alerted organisation leaders to the trouble areas that were points of opportunities for the CFO and his brother-in-law. Also, having proper due diligence procedures in place to vet and uncover fraudulent third-parties would have detected the problem with this vendor from the outset.
Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001:2016 standard. During this time, any changes to processes and any new relationships with vendors and other third-party partners are carefully reviewed.
Long-lasting benefits of ISO 37001:2016 certification
ISO 37001 provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner.
By achieving ISO 37001:2016 certification, a pharma or healthcare organisation will ensure that the organisation is implementing a viable anti-bribery management system utilising widely accepted controls and systems. It will also assure management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption. Today, companies cannot afford to be reactive to threats of bribery and corruption. By achieving ISO 37001 Anti-Bribery Management System certification today, an organisation will remain in compliance and better positioned to address risks head-on.
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Risk management and its continuous improvement
Risk management requires continuous improvement. Without a company culture strongly aligned with principles of continuous improvement, organisations will struggle to implement, let alone maintain, successful risk management programs. This can be challenging in practice, as cultivating a risk management attitude within a company involves aligning risk initiatives with existing company values, policies and, to put it simply, convincing everyone involved that risk management is worthwhile. However, improving risk culture is possible, and, like many things, it becomes a lot easier when you have a process for it.
Such a process can be separated into three stages:
- Cultural awareness
- Cultural change
- Cultural refinement
Phase one: Building and strengthening cultural awareness
The first stage is building cultural awareness; this will take the form of communications, training, and general education initiatives within the organisation. Here is where companies set risk management expectations and objectives, define roles and responsibilities, and communicate all of these things with their employees. You shouldn’t expect your employees to conform to your ideas about risk management without first taking the time to educate and inform them, whether through formal training or access to knowledge base material or similar.
Successfully building and strengthening cultural awareness about continuous improvement includes:
- Establishing a common risk management vocabulary
- Making sure communications are consistent with said vocabulary and that everyone in the organisation has clear access to all relevant documents
- Being clear about risk management responsibilities and accountabilities
- Launching and maintaining training programs, providing training support and guidance where needed and as required by different roles and responsibilities within the organisation
- Making sure onboarding processes adequately cover risk management
- Making sure recruitment processes adequately cover risk management
Phase two: Changing the way the organisation operates
Once a firm foundation of cultural awareness regarding continuous improvement has been established, it’s time to start thinking about how to gradually change how the organisation operates to reflect these values. This phase begins by recognising and rewarding employees for paying attention to risk and responding to risk in a way that challenges the previously established (pre-continuous improvement) status quo. These motivational systems, rewarding and penalising behaviour according to the established ideals of continuous improvement outlined in the early planning stages, will result in the gradual but certain shift towards a proliferation of continuous improvement-conscious company culture. Another important element is recognising the talent that conforms with the desired vision of continuous improvement and capitalising on this alignment by placing them accordingly in relevant, optimised positions of responsibility or seniority. It’s getting people in the right place to drive the right results.
Some important considerations for this phase:
- Utilising challenge as a motivator for driving cultural change
- Gamifying and quantifying risk performance metrics and rewarding/penalising behaviour accordingly
- Considering risk management and continuous improvement culture in talent management approaches
Phase three: Optimising and refining the cultural ecosystem
The third and final stage of cultural adoption of continuous improvement occurs once the company culture has matured to the point of widespread adoption and desired values are already well-entrenched. At this point, the focus shifts to monitoring performance versus expectations and attempting to tweak and refine the system to further improve cultural adoption. The expectations can and will be influenced by a wide range of stakeholders, not just top management; employees, a board of directors, analysts, customers, investors – they all have a say in the definition of cultural expectations because these expectations should directly reflect the whole entity that is the organisation, made up of all its constituent stakeholder parts.
Steps taken during this phase might include:
- Iterating feedback and observations from risk management into training, education, resources, and communications
- Making sure stakeholders are held responsible for their actions
- Making sure any risk performance metrics or quantifiers are adjusted to reflect changes in risk strategy, goals, and objectives
- Maintaining the capacity to redeploy and reassign individuals within an organisation according to desired risk culture goals
- Continually reflecting on and refining risk culture by continually changing business goals, objectives, and strategies
At CRI® Group, we are committed to spreading knowledge about risk, compliance management and the negative impact of fraud, bribery, and corruption to global businesses, and to promoting transparent business relations across the world. As part of this effort, we want to present our in-depth risk management and compliance insights – articles, whitepapers, eBooks, and other publications to help organisations overcome fraud, compliance, bribery, and corruption management challenges and tackle risks more effectively.
Don’t miss the opportunity to step up towards transparency and better protection for your business and your career – CRI® Group’s risk management and compliance insights give you a chance to explore these topics in-depth. If you are interested in our solutions, please request a free quote or contact us today.
3 ways to protect your Company’s Reputation
In today’s connected business world, there are very few secrets. United Airlines, for example, recently learned the hard way that one ugly incident can go viral and spread around the world in a matter of minutes – not hours, days or weeks.
United initially faced criticism over the rough treatment of a passenger being removed from one of their planes. Then, the company learned a second lesson when its CEO’s response to the crisis seemed somewhat disconnected and uncaring. United was in the middle of a reputational crisis, and its first official response to angry consumers only added more fuel to the fire. Later, the CEO offered an apology and a more compassionate statement – but the damage was done.
There are lessons to be taken from this and other high-profile cases where companies have seen their reputation, which they’ve worked hard to cultivate, trashed in the public spotlight. The fact is, things happen, and no company has a guaranteed way to safeguard their reputation from ever being dinged or facing scrutiny, whether fair or not. But there are ways to mitigate the damage and help ensure your company survives the crisis, and can rebuild its reputation in a positive way.
Know that people are talking about you
In the age of Twitter, Facebook, Yelp and other social engagement sites, people are keen to talk about what they like, dislike, what they wish would be better, and anything else on their mind. That includes your company and your products or services. Accept this and embrace it. Engage with people who post on social media when appropriate, and always in a polite and respectful manner. When there is a legitimate problem, communicate that you are taking the matter seriously and looking to resolve it, and then do so.
1. Be transparent
A way to be proactive in your engagement with others is to ask for feedback. Then be prepared to address it, good or bad. Consumers, stakeholders and even your own employees will be impressed by the open lines of communication and an honest dialog. In this way, you can strive to improve your services and offerings and show that you are receptive to your clients’ needs.
2. Protect your customers’ data
Nothing can destroy your reputation among your clients and customers quicker than having to tell them their personal information, which was entrusted to you to remain private and protected, is now in the hands of hackers or criminals because you suffered a security breach. Even worse is when they learn that your company did not take all the measures necessary, or even the most basic ones, to prevent such a breach from occurring. Not only might you be criminally liable, but customers will run from you, not wanting to take a risk that something like that could happen again in the future. In today’s high-risk environment, you must have the most sophisticated and up-to-date security measures in place to protect your data – and your reputation.
3. Conduct due diligence
How much do you know about your third-party partners – those suppliers and contractors that you’ve trusted for years, or new ones with whom you seek to engage? An unethical partner can have serious effects on your own company’s reputation – bribery, corruption, supply chain problems are all issues that can end up tainting your own business and causing your customers to lose trust in your products or services. Conducting thorough due diligence, with background checks and full risk assessments, is the only way to help protect your reputation from potential harm.
It may feel sometimes like your company’s reputation is out of your control. However, there are steps you can take to help manage your reputation and help steer the conversation. It becomes more difficult when you wait, and try to undo later the damage that has already been done. That’s why being proactive in maintaining a positive reputation is the best strategy. Contact CRI Group today and let us help you stay on the path to managing your message and your reputation.
Top 4 Red flags during a Merger & Acquisition
The business world is often transitional, and the landscape changes as entities grow or industries change – and the players involved have to change with it. Mergers and acquisitions are examples of these “transitional times,” and they are also among the most critical times to conduct proper and thorough due diligence.
There are inherent risks involved with the “unknown factor” that outside entities represent. By nature, merging with another entity, or acquiring it altogether, can be an exciting time, but background screening is especially crucial at this juncture.
When conducting due diligence before a merger or acquisition, what are some of the red flags that should make you take a closer look?
CRI® Group has conducted numerous due diligence engagements for clients undertaking major business deals. Our agents have also conducted many investigations for organisations that failed to do proper due diligence, and as a result became victims of fraud. Our findings in those investigations have provided a road-map of things to look for, and be cautious about, when in the pre-merger or pre-acquisition stage.
Here are a few red flags for any organisation undergoing a merger or acquisition:
1. Legal issues
When merging with or acquiring another entity, due diligence will uncover legal proceedings, including any troubling issues that the entity might have been trying to keep hidden. Past or current litigation or even criminal proceedings have been uncovered in background checks.
2. Credit risks
Some potential partners might be financial landmines, bringing the kind of baggage your organisation cannot afford. Has the entity claimed bankruptcy? Have they dissolved prior companies or are they faced with debtor filings? Proper due diligence will uncover these and other financial risk factors.
3. Lack of experience
If your organisation is looking to partner with a contractor or service provider, what is their experience level in the industry? Have they successfully completed past projects of a similar scale? Nothing can hurt your reputation with clients and customers more than having your deliverability affected by a contractor that cannot handle the job.
4. People problems
Hopefully, your organisation conducts thorough employee background screening of all potential and current employees. Can you say the same for the entity you are considering for a merger or acquisition? If not, the risks are great: fraud risks, criminal conduct, even employees without the needed training or skill level doing dangerous jobs could all come back to damage your own organisation and reputation. Comprehensive and thorough background screening, including of owners and principals (perhaps these are most important) will uncover such risks.
None of these red flags, on their own, are necessarily absolute roadblocks to a proposed merger or acquisition. Some scenarios can be explained, and certain circumstances simply require a fuller explanation.
But the key is having the information. In business, being surprised is generally not a good thing. This is never more true than when dealing with mergers and acquisitions.
Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today and get your FREE QUOTE now!
Who is CRI® Group?
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI® Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.
Any successful ethics and compliance strategy needs 5 key ingredients …
Once upon a time, the idea of business ethics was more of an abstract or philosophical notion that seemed more suited for discussion in a university lecture or at a business conference. Today, however, organisations of all sizes and industries must have concrete ways of addressing ethics and compliance issues as a principal component of their business processes and strategy.
According to a study by PwC, 98 per cent of senior leaders say they’re committed to compliance and ethics; however, only 67 per cent have a process in place to identify the owners of compliance and ethics-related risks, with only a third having an officer in place for the overall compliance and ethics. Fifty-six per cent of the companies don’t have a chief ethics officer at all, and only 20 per cent have a Board of Directors that formed separate compliance and ethics committees. The study reports that 82 per cent of leaders communicated with employees on ethics, but 46 per cent of this is done in business meetings or by email. You can read the full results on the PwC website.
Business leaders are usually quick to communicate their expectations to employees, especially when it comes to financial goals or tasks that they want to be accomplished. However, what is often lacking is a clear, concise explanation of what the organisation expects regarding ethical behaviour and a compliance framework in place to follow. Today citizens, media, politicians and international bodies across all regions actively condemn abuses of power. And past scandals and their consequences have created a demand for increased regulations, greater transparency, and other rigorous scrutiny measures to be taken. To maintain (or regain) public trust, the ethics and compliance function has been placed at the centre of the strategic core of organisations by effective leaders.
To ensure a robust compliance and ethics strategy, five critical elements need to be implemented: 1) tone at the top; 2) corporate culture; 3) risk management; 4) a Chief Compliance Officer; and 5) testing and monitoring.
1 – Building Tone at the Top
“Tone at the top” is a term used to describe the ethical atmosphere created at an organisation or workplace by its leaders and their attitudes and behaviours. Tone at the top is vital in determining whether fraud, bribery, or corruption are likely to occur. Because all levels of management set it, it has a trickle-down effect on all employees. If the top leaders show a robust and zero-tolerance approach to fraud, employees are likely to follow their example.
An organisation with a strong ethical culture is usually led by a board of directors and senior management personnel who actively promote a culture of compliance and zero tolerance for fraud and other unethical business behaviour. Effective tone at the top will communicate to the organisation at all levels the expected type of conduct, what is considered unacceptable, and what the consequences will be for transgressions. A zero-tolerance approach should be followed at all times; it is vital in maintaining the culture of ethics and compliance at the organisation. Below are some examples of failed tone at the top:
- The Enron scandal
- Arthur Andersen obstruction of justice
- Xerox fined by SEC
- Scandals at Fannie Mae
- Global financial crisis
- Tyco Scandal
- MCI Inc/WorldCom
- ImClone Systems trading case
For more scandals, check out our list of the “Top 10 Bribery & Corruption Stories of 2020”.
2 – Corporate culture
The prevailing norms, expectations, and recognised acceptable behaviour form the corporate culture of an organisation. By making an ethical code of conduct and compliance with all regulations a part of those norms, the organisation will help promote positive behaviour and integrity among its staff.
You might be making assumptions that your employees know how to conduct themselves ethically when, in fact, this expectation only exists in a grey area in their minds – if at all. Some employees who have engaged in fraud, corruption or other unethical situations have claimed that while they knew their behaviour was wrong, they thought it was implicitly accepted by their bosses and, in some cases, their company on the whole.
Similar to establishing an effective tone at the top, fostering a positive corporate culture hinges on effective communication, and it needs to permeate different layers of the organisation. In other words, sending occasional emails about ethical behaviour isn’t enough to influence the culture at a company. Develop videos, team-building exercises, new employee orientations, and employee appreciation events; these provide opportunities to recognise positive behaviour and reinforce the company’s values. When employees see their colleagues being recognised and rewarded for maintaining a compliant and ethical corporate culture, they are more likely to help cultivate an ethical workplace. When the tone at the top and corporate culture are tied together, everyone understands what is acceptable and expected in being a part of the organisation’s success.
3 – Risk management: perform risk assessments
Risk management is identifying, evaluating, and prioritising risks (defined in ISO 31000 as the effect of uncertainty on objectives), followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities. In other words, before you establish an ethics and compliance framework, a risk assessment should first be conducted to uncover any vulnerabilities that need to be addressed with new processes.
> Risk assessment breakdown: Identification, Analysis, Evaluation
This means you need to assess how your business is conducted. So ask yourself:
- Have the various roles at the company been appropriately allocated, and is there a proper separation of duties?
- Are employees qualified for their responsibilities?
- Is the workforce trained to recognise the red flags of unethical behaviour and fraud?
Once the risks are identified, they can be isolated and addressed as part of your organisation’s comprehensive approach to ethics and compliance. The risks should be prioritised:
- Which ones pose an immediate threat?
- Could they effectively shut down the business?
- Do they pose a financial, legal, or reputational risk – or all of the above?
Once prioritised, the identified risks should be assigned to critical members of the organisation. Whatever your reasons or motivations might be, if your organisation’s objective is to have an effective risk management strategy in place, then ISO 31000 can provide the principles, framework and a process for managing risk.
4 – A Chief Compliance Officer (CCO)
The implementation of a robust ethics and compliance strategy can give your organisation a competitive edge. A compliance officer or a CCO plays an essential and crucial role in the implementation. They are tasked with the day-to-day responsibility of overseeing the management of compliance and ethical risks whilst ensuring that the organisation is in compliance with the various regulatory requirements and that employees adhere to internal procedures and policies. Oversight should be provided by the board of directors (or ownership and executives) to ensure that problem areas have been adequately addressed and the organisation is taking a proactive approach to mitigating risk.
5 – Testing and monitoring
When all the new processes have been implemented (the anti-fraud policy and employee code of conduct, anti-bribery and anti-corruption training and policies, allocation of duties and responsibilities, an anonymous reporting (hotline) process for unethical behaviour), a thorough testing and monitoring regimen is critical to ensure the new processes are working.
It is important to remember that having the best processes on paper won’t make a positive difference on its own. You need to monitor how they are being used and how well they succeed. A schedule should be in place that promotes frequent, regular check-ups of the ethics and compliance controls, with metrics that show results (i.e. surprise audits). A surprise audit is an effective way to test whether any new controls have reduced the flagged irregularities. Before ethics and compliance controls were implemented, the risk assessments should have identified the risk areas, along with the new processes meant to mitigate that risk. Only by testing, and testing frequently, can the organisation determine whether the new controls are having the desired effect. If they are not, the company should develop new solutions that specifically and robustly target these problem areas – and, in time, test them again.
Addressing ethics and compliance issues at an organisation can be a daunting task. However, with careful preparation, expert help, and a common-sense approach, any organisation can develop or enhance its corporate culture to be proactive in mitigating ethics and compliance risks. The benefits will be obvious – increased productivity, better security, and empowered employees who understand that their organisation values integrity and an ethical work environment.
Create a zero-tolerance approach to fraud with ISO 37001 ABMS
Creating a zero-tolerance approach to fraud doesn’t happen overnight. When your organisation enrols in ISO 37001:2016 ABMS training and certification, the program involves your entire team. The training helps establish an ethical culture by educating your employees on the following:
- What constitutes fraud, corruption, and bribery, and why these are so damaging to business
- How to identify red flags of fraud, corruption and bribery
- The process for reporting fraudulent and unethical acts
- The organisation’s zero-tolerance attitude toward unethical behaviour and willingness to terminate employees for breaches and prosecute unethical acts
- The severe ramifications for committing fraud or bribery, the legal consequences, and the negative impact on one’s career
Employees shouldn’t be expected to follow a code of conduct that they aren’t aware exists. That’s why ISO 37001:2016 ABMS creates a communication plan through which organisation leaders regularly communicate their ethical behaviour expectations to the staff. Read more on how to build trust in the workplace with ISO 37001 Certification.
Speak up – report any illegal, unethical, or improper behaviour
If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal communication channels or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.
Internal Control: Identify Vulnerabilities through TPRM Assessment
CRI® Group’s Third-Party Risk Assessments are front-line tools used to ascertain whether an organisation has the appropriate policies and procedures in place to address all potential risks at the management, operations and financial levels, and to simulate the likelihood of those risks occurring.
A 3PRM™ assessment includes a review of internal auditing procedures, compliance guidelines, performance criteria, internal controls, reporting processes, and contractual requirements vital to fostering a long-term positive outcome with the third-party provider when looking at the relationship from a cost-benefit standpoint. A 3PRM™ assessment verifies whether the proposed third-party relationship is consistent with the organisation’s strategic plan and overall business strategy. Specific areas addressed in a 3PRM™ assessment include:
- Audit and supervision functions that assign clearly defined responsibilities within the organisation
- Business continuity plans that take into account natural disasters and third-party business closures
- Supply-chain alternatives that react and respond to every possible scenario, from regional events to currency fluctuations
- Jurisdictional considerations and affiliations with potential partners located in regions that may be prohibited by law
- Data and intellectual property protection, which includes customer privacy and information security considerations
- Anti-corruption and whistle-blower policies that begin with staff education and extend to safe internal and external reporting mechanisms which are easily accessible to management and staff
Our 3PRM™ assessments ensure tight controls to mitigate key risks and designate specific staff responsible for maintaining those controls. Any gaps detected in those controls are addressed during the assessment phase.
CRI® Group invites you to schedule a quick appointment with us to discuss how conducting our 3PRM™ assessment can help you and your organisation.
Employee Screening Process
How do you know the candidate you just offered a role to is ideal? Are you 100% sure you know that everything they’re telling you is the truth? 90%? They showed you a diploma; how do you know it’s not photoshopped? Did you follow the correct laws during your background check process? Background checks and necessary screenings are vital to avoid horror stories and taboo tales within HR, your business or even your brand – simply investing in proper employee screening can save you time, money and heartbreak. A complete employee screening process will result in fewer applications with serious discrepancies – it increases the quality of new hires due to an improved applicant pool and selection process. EmploySmart™ provides full in-depth background screening services for employees and candidates at all levels, from senior executives to shop-floor employees.
How Well Do You Know The People You Invest In?
CRI® Group has developed EmploySmart™, a robust new pre-employment background screening service to avoid negligent hiring liabilities. Ensure a safe work environment for all. EmploySmart™ can be tailored into specific screening packages to meet the requirements of each specific position within your company. We are a leading worldwide provider specialised in local and international employment background screening, including pre-employment and post-employment background checks.
Pre-employment checks/background checks/screening benefits:
- Reduce turnover & training costs
- Gain a competitive edge through the hiring of better people
- Increase productivity – help your employees be more productive, knowing that everyone employed by your company has been screened.
- Set your company apart & win more business
- Reduce employee-related problems
- Protect company reputation/brand & customer relations
- Comply with mandates created by state or federal law for certain industries
- Increase retention
- Reduce negligent hiring claims
- Avoid violence in the workplace (threats of violence & actual violence)
- Reduce theft & espionage
- Avoid lawsuits & the costs associated with the defence.
- Avoid loss of goodwill.
Pre-employment checks/background checks, what are they?
These checks are essentially an investigation into a person’s character – inside and outside their professional lives. Some checks you probably already carry out in-house, such as a candidate’s qualifications (documents provided), work history (with a reference check), right to work in the country and even a quick social media presence scan. However, we provide a full in-depth background screening service for candidates and employees at all levels – from senior executives through to shop-floor employees:
- Address Verification (Physical Verification)
- Identity Verification
- Previous Employment Verification
- Education & Credential Verification
- Local Language Media Check
- Credit Verification & Financial History (where publicly available)
- Compliance & Regulatory Check
- Civil Litigation Record Check
- Bankruptcy Record Check
- International Criminal Record Check
- Integrity Due diligence… and more.
When should I conduct pre-employment checks?
Our pre-employment screening services will help you avoid adding potential fraudsters and other bad actors to your staff. These checks can be implemented before or after a job offer (with each having its pros and cons).
How to collect references, and what to ask?
Because it is impossible to know how your candidate will work daily from just one interview, you will need references. References are a great way to find out whether your candidates are suitable for the role or will fit with your company culture. A primary reference check asks for:
- Employment dates
- Employment main responsibilities
- Attendance record
- Any disciplinary actions against them
- Any reasons why they shouldn’t be employed
These references will help you back up their CV – however, many candidates tend to exaggerate or misrepresent themselves. Our EmploySmart™ team goes beyond to get a fuller picture for you:
- Greatest strengths?
- Are they suitable for the role they’ve applied for?
- Would they rehire the candidate?
- Suitable management style?
- Do they have any leadership skills?
- Situations in which they have excelled?
Some companies have policies of not giving references and just providing necessary employment details, while others direct you towards HR, but the EmploySmart™ team is persistent.
What specific legal requirements should I ask about?
You will need to check if they have the right to work in the region you are recruiting for. You are subject to statutory penalties if you employ foreign nationals who don’t have the correct visas. You will need to request criminal records checks depending on the role you are recruiting for. Roles involving children or vulnerable people are highly regulated – and all of these differ from country to country.
CRI Group™ carries the burden of knowing the laws, so we can assist you with staying compliant and helping you to make the best decisions for your company’s needs. We have established an interdisciplinary team of experts in employment law, best practices and data protection. We can manage your employment background screenings across borders for you! Country by country, we have documented the different approaches to employment screening, ensuring we operate in harmony with local culture and within the limitations of local legislation.
With extensive local language capabilities, flexible working patterns and time zone intelligent workflow, we provide a comprehensive and fully compliant global screening service.
At CRI Group™, we specialise in employment screening, working as trusted partners to HR and recruiting managers of corporations and institutions worldwide. Our people work with energy, insight and care to ensure we provide a positive experience to everyone involved – clients, reference providers and candidates.
CRI Group™’s unique identity and vision evolved from our fundamental desire to support our clients and candidates. We have a passion for Screening and a simple belief in setting new standards. These qualities fuel our commitment to excellence and drive our culture.
Our EmploySmart™ background screening services expose vulnerabilities and threats within your organisation and can significantly reduce business and financial crime, fraud and malpractice within your workplace. Our experienced EmploySmart™ Team can safeguard your data security and your business integrity while you can focus on human conversations and interactions. Together, your organisation can deliver outstanding screening experiences.
We provide a host of professional services to HR managers representing significant corporations worldwide. Employees should be screened regularly to reveal any new information relevant to the business. That’s why our background investigations services also include:
- Employee monitoring and risk management
- Data protection compliance
- Employee testing and confidentiality
- Employee risk management
- Post-employment background checks
CRI Group™ is trusted by the world’s largest corporations and consultancies – outsource your employee due diligence to an experienced provider, and you will only ever have to look forward, never back.
BS 7858:2019 Screening: extra security level for your business and employees
Get answers to frequently asked questions about background checks/screening cost, guidelines, check references etc. This eBook is a compiled list of background screening related questions; taken as a whole, it is the perfect primer for any HR professional, business leader and company looking to avoid employee background screening risks. It provides the tools and knowledge needed to make the right decisions.
Working with CRI Group™, you get:
- Extensive global coverage, with expertise in domestic and international Screening; one of the largest, most experienced and best-trained integrity due diligence teams in the world
- Our team of more than 50 full-time analysts is spread across Europe, the Middle East, Asia, and North and South America and is fully equipped with the local knowledge to serve your needs globally.
- The ability to manage multiple background checks online
- Quick turnaround times
- Our solutions are easily customisable and flexible, and we will tailor our scope to address your concerns and risk areas, saving you time and money.
- High-quality searches, backed by numerous checks and quality controls
- We have a flat structure which means that you will have direct access to senior staff members throughout the due diligence process.
- Our multi-lingual teams have conducted assignments on thousands of subjects in over 80 countries, and we’re committed to maintaining and constantly evolving our global network.
- Our extensive solutions include due diligence, employee pre and post background screening, business intelligence and compliance, and facilitating any decision-making across your business, no matter what area or department.
Components of ISO 31000:2018
Managing risk is a critical part of the success of any organization. That’s why ISO (International Organization for Standardization) developed the 31000 Risk Management Standard. Issued in 2009, the standard helps address operational continuity, and also confidence and reassurance in your organization’s economic resilience, professional reputation and environmental and safety outcomes. Best of all, ISO 31000 can be tailored to your organization to help achieve the best results.
1. Principles
The purpose of risk management is the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives. Principles include the requirement for the risk management initiative to be (1) customized; (2) inclusive; (3) structured and comprehensive; (4) integrated; and (5) dynamic.
2. Framework
The purpose of the risk management framework is to assist with integrating risk management into all activities and functions. The effectiveness of risk management will depend on integration into governance and all other activities of the organization, including decision-making.
2.1. Leadership and commitment, including:
- Aligning risk management with the strategy, objectives and culture of the organization;
- Issuing a statement or policy that establishes a RM approach, plan or course of action;
- Making necessary resources available for managing risk; and
- Establishing the amount and type of risk that may or may not be taken (risk appetite).
2.2. Integration, including:
- Determining management accountability and oversight roles and responsibilities; and
- Ensuring risk management is part of, and not separate from, all aspects of the organization.
2.3. Design, including:
- Understanding the organization and its internal and external context;
- Articulating risk management commitment and allocating resources; and
- Establishing communication and consultation arrangements.
2.4. Implementation, including:
- Developing an appropriate implementation plan including deadlines;
- Identifying where, when and how different types of decisions are made, and by whom; and
- Modifying the applicable decision-making processes where necessary.
2.5. Evaluation, including:
- Measuring framework performance against its purpose, implementation and behaviors; and
- Determining whether it remains suitable to support achievement of objectives.
2.6. Improvement, including:
- Continually monitoring and adapting the framework to address external and internal changes;
- Taking actions to improve the value of risk management; and
- Improving the suitability, adequacy and effectiveness of the RM framework.
3. Process
The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.
3.1. Communication and consultation, including:
- Bringing different areas of expertise together for each step of the RM process;
- Ensuring different views are considered when defining risk criteria and evaluating risks;
- Providing sufficient information to facilitate risk oversight and decision-making; and
- Building a sense of inclusiveness and ownership among those affected by risk.
3.2. Scope, context and criteria, including:
- Defining the purpose and scope of risk management activities;
- Identifying the external and internal context for the organization;
- Defining risk criteria by specifying the acceptable amount and type of risk; and
- Defining criteria to evaluate the significance of risk and to support decision-making.
3.3. Risk assessment, including:
- Risk identification to find, recognize and describe risks that might help or prevent achievement of objectives and the variety of tangible or intangible consequences;
- Risk analysis of the nature and characteristics of risk, including the level of risk, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness; and
- Risk evaluation to support decisions by comparing the results of the risk analysis with the established risk criteria to determine the significance of risk.
4. Risk treatment, including:
- Selecting the most appropriate risk treatment option(s); and
- Designing risk treatment plans specifying how the treatment options will be implemented.
5. Monitoring and review, including:
- Improving the quality and effectiveness of process design, implementation and outcomes;
- Monitoring the RM process and its outcomes, with responsibilities clearly defined;
- Planning, gathering and analyzing information, recording results and providing feedback; and
- Incorporating the results in performance management, measurement and reporting activities.
6. Recording and reporting, including:
- Communicating risk management activities and outcomes across the organization;
- Providing information for decision-making;
- Improving risk management activities; and
- Providing risk information and interacting with stakeholders.
Getting Started with ISO 31000 Risk Management?
ISO 31000 is an international standard issued in 2009 by ISO (International Organization for Standardization). All types and sizes of organizations face internal and external factors that directly affect whether they can achieve their objectives. ISO 31000:2018 serves as a guide for the design, implementation and maintenance of risk management. It describes a systematic and logical process in which organizations manage risk by identifying it, analyzing it, and then determining how to mitigate it through risk treatment in a way that is consistent with their risk appetite. An organization can implement risk management across the entire company, and it can do so at any time. Our newly published “ISO 31000 Risk Management: A guide to identify, analyse and mitigate risk” playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:
- What is ISO 31000?
- Why is this Standard a good idea?
- What are the benefits for my business?
- Principles of ISO 31000:2018
- ISO 31000 framework
- Why was it revised?
- What are the main differences?
- Key Clauses of 31000:2018
- Who is the standard for?
- The process
- The link between 31000:2018 and other standards
- Importance of risk management leadership
- 31000:2018 and continuous improvement
- How do we get started?
> Risk management is a full-time, ongoing endeavor for organizations in today’s business world, and it poses constant challenges. The first part of reducing risk is having a strategy, and taking action.
Speak Up – Report Any Illegal, Unethical, or Improper Behavior
Ethics and Compliance Hotline is an anonymous reporting mechanism that facilitates reporting of possible illegal, unethical, or improper conduct when the normal channels of communication have proven ineffective, or are impractical under the circumstances. At CRI Group, we are committed to having an open dialogue on ethical dilemmas regardless.
We would like to introduce a new Ethics & Compliance Hotline. This hotline is available to all employees, as well as clients, contractors, vendors and others in a business relationship with CRI Group and ABAC Group. If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use CRI Group’s Compliance Hotline in the ways mentioned below or submit your complaint online using the form below. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI Group’s Non-Retaliation Policy.
About CRI Group
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.
Ethics and Compliance Hotline: your frequently asked questions answered…
Ethics hotlines are growing in popularity. In 2017 the South Africa Home Affairs Minister Malusi Gigaba announced over 3,000 officials were found guilty of misconduct related to cases reported via the National Anti-Corruption Hotline (NACH). “The closure rate underscores a commitment by government departments to investigate allegations of corruption as reported through the NACH.” Ethics and compliance hotlines work! Organizations must have an ethics and compliance hotline to help promote the organization’s code of conduct and nurture a culture of honesty and accountability.
Don’t opt out of an ethics hotline
The 2019 Global Business Ethics Survey found that more reports of misconduct were made to direct supervisors (a median of 51 per cent) compared to hotlines (6 per cent). However, it is still crucial to have an Ethics and Compliance Hotline. Why? Having an ethics and compliance hotline shows employees that the business leaders genuinely want to hear from them, making it a great employee relations tool.
The ethics and compliance hotline is an anonymous reporting mechanism. When the normal channels of communication fail, a hotline gives employees another way to flag concerns. It provides an accessible way for employees to report potential wrongdoing, whether illegal, unethical, or improper. A company can better protect itself from fraud, learn of employee misconduct and proactively mitigate any corruption-related risk. Regardless of industry or size, any organisation should be 110% committed to having an open dialogue on ethical dilemmas.
CRI® Group encourages everyone to report any wrongdoing. We believe that everyone should have a voice and protect themselves, colleagues and the organizations that they work for. Everyone must seek to maintain transparency to comply with the code of conduct and compliance regulations. If your organization is considering an ethics and compliance hotline, here are some must-knows.
Who can report? And what can you report?
All individuals – employees, clients, contractors, vendors and others in a business relationship with you or your organization – have a duty and responsibility to report any known or suspected noncompliant behavior or violations of any regulatory mandates and/or local policies, including but not limited to:
- Ethical standards violations;
- Violation of laws and company policy and internal control;
- Risk and safety;
- Theft, embezzlement or misappropriation of assets and fraud;
- Bribery and corruption;
- Employee rights, employee relations, work environment;
- Privacy laws or security of personal information;
- Discrimination;
- A dispute related to a supervisor, HR and other departments;
- Physical and verbal harassment in the workplace;
- Issues related to job responsibilities;
- Reports of suspicious activity that the individual has witnessed; and/or
- Unfair dismissals.
How to report?
You can report your concern using the Ethics and Compliance hotlines at any time, 24/7. An effective Ethics & Compliance Hotline should allow reporting via phone, email, web-based complaint forms and even walk-ins.
How does it work?
This will depend on your organization's structure; however, if you allow reporting directly by telephone, the caller should speak with the Compliance Department directly. The caller can remain anonymous or may want follow-up, in which case they will give contact details. If the individual submits a report online, the system should guide the individual through the reporting process, and a PIN will be generated automatically once they complete the report. The compliance department specialist who receives the tip is then in charge of validating it. This compliance officer typically receives special training on gathering enough information to ensure the complaint is credible. The tip is then routed to the right department within the organisation, such as audit, legal, or human resources.
What is the process of the investigation?
The Compliance Department or Committee should then review the report and conduct an investigation. The investigation may include interviews with relevant witnesses and a review of records, computers, telephones and other equipment, in line with relevant personal data regulations. The reporting individual will be able to follow the status of the case and communicate with the Compliance Department by giving their case number. However, no party can contact the individual directly if they have chosen to remain anonymous. The investigation conclusions and recommendations are reported to Management.
Can we generate anonymous reporting?
Yes, if the individual wishes to remain anonymous when reporting their concern, they can. However, you should encourage the individual to identify themselves where and when possible, enabling your organization to investigate the report more effectively. If they provide their name, your compliance department should protect their confidentiality to the greatest extent possible during the investigation. The organization should have a Non-Retaliation and Whistleblower Policy to help ease the process.
What is a Non-Retaliation Policy?
While on the surface, hotlines may seem a convenient option to receive employee complaints, tips or concerns, often, it’s the process that surrounds the hotline which can determine whether it ultimately succeeds or fails. Areas such as employee relations are particularly challenging for anonymous tips. An organisation needs to have a whistleblower process in place – this is a critical component of any compliance monitoring system. It enables companies to identify and mitigate potential risks early before they impact operations, reputation and ultimately, financial performance.
How can we make sure they deliver a credible report?
When individuals report an issue, encourage them to provide as much relevant information as possible, for example, the names of persons involved in the alleged conduct, potential witnesses, appropriate documentation or data, visual evidence etc. Provide them with forms that help them understand what they need to submit a credible report, with the appropriate questions and empty spaces for further feedback, including the ability to upload any initial proof. This will allow your Compliance department to effectively follow up on the case.
What makes a successful implementation?
- A strong and clear message is delivered to employees and stakeholders by a senior individual who champions the overall programme.
- A clear understanding of how best to engage with your employees at all levels and in all countries. Remember to take into account country and cultural differences.
- A robust internal process to deal with reported issues as laid out in your code of conduct policy or ethics programme.
Are you addressing corporate Compliance?
Prove that your business is ethical. Find out if your organisation’s compliance program aligns with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Let our experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.
Report with CRI® Group!
If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, use the reporting process in this Code of Conduct, including the Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by the CRI® Group Non-Retaliation Policy.
CRI® will not accept any retaliation or discrimination against any employee or external stakeholder who uses our Compliance Hotline in good faith or participates in an investigation. Any employee who breaches the policy will be subject to disciplinary actions. If you wish to learn more just have a look at our article on Ethical code of conduct: What should be covered?
About us…
Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications and is an HRO certified provider and partner with Oracle.
Meet the CEO
Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre (DIFC), the Qatar Financial Center (QFC), and the Abu Dhabi Global Market (ADGM), CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.
Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.
CONTACT INFORMATION
Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer
37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom
t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com