Building a Resilient and Defensible Third-Party Risk Management Compliance Program

Third-Party Risk Management Compliance Program:

Does your business have a Third-Party Risk Management (TPRM) Compliance Program? Are you establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business?

It’s highly probable that, at some point, organizations that affiliate with outside providers will eventually have to deal with an operational interruption resulting from third-party related issues and inappropriate conduct. The risks involved in partnering with outsiders hasn’t changed over the centuries. It’s the potential liability that’s been ratcheted up several notches. International borders have been ripped down. Technology has improved the way businesses communicate.

Easy access to data and information enables the media to report on business news before a business can properly respond. And the markets are quick to form opinions based on a 24/7 on-demand news cycle. The result of this increased liability is problematic. Business litigation has skyrocketed. Corporate reputations are constantly being assaulted. Business strategies are forever shifting. Board members are increasingly subjected to intense scrutiny from outside critics, and a highly educated market responds immediately with their pocketbooks.

VIEW 3PRM^TM BROCHURE

Discover How to Demonstrate a Resilient and Defensible Third-party Risk Management Compliance (TPRM) Program with 3PRM™ Services

CRI® Group has a network of local subject specialist operatives across the Middle East, Europe, South American and Asian regions to extend a helping hand and offer enhanced integrity due diligence being pre-emptive measures against:

• Experiencing financial loss when a third-party provider failed.
• Losing customers because of poor-quality service from a third party.
• Exposing breaches to data systems because of poor information security practices by a third party.
• Experiencing supply chain issues due to poor disaster recovery procedures by the third party.
• Being exposed to litigation because of relationships with an outside provider significantly violated contractual terms, potentially resulting in regulatory exposure.

When Working with third-party providers, CRI® Group designed a solution: 3PRM-Certified™. This proactive approach includes Integrity Due Diligence, Enhanced Due Diligence, Anti-Bribery and Anti-Corruption Compliance Solutions (incorporating ISO 37001 Anti-Bribery Management System accredited certification and training) to mitigating the risks involved with third-party affiliations to protect the organization from liability, business interruption and brand damage.

You may also like this article:

WHEN TO CONDUCT THIRD-PARTY SCREENING?

3PRM-Certified™ A Third-party Compliance Verification and Certification Program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution.

Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions.

CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

• Providing third-party risk assessments
• Meeting contracting requirements
• Conducting due diligence
• Identifying potential fraud risks
• Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, the business cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRM^TM BROCHURE

Inadequate Procedure 

December 2013: Over US$2.8 million for failing to have in place appropriate checks and controls to guard against the risk of bribery or corruption when making payments to overseas third parties, breaching the FCA’s principle on management and control. Between 19th February 2009 and 9th May 2012, the organisation received almost $33 million in gross commission from business provided by overseas introducers and paid them over $18 million in return.

Inadequate systems around these payments created an unacceptable risk that overseas introducers could use the payments made for corrupt purposes, including paying bribes to people connected with the insured clients and/or public officials.

Regulatory action is not a US or UK phenomenon alone but is increasingly becoming a global issue. Regulatory thinking around third-party risks in some other jurisdictions is highlighted below:

• Singapore: The Monetary Authority of Singapore (MAS) has stated that it “is particularly interested in material outsourcing which, if disrupted, has the potential to significantly impact an institution’s business operations, reputation or profitability and which may have systemic implications.”
• Australia: The Australian Prudential Regulatory Authority (APRA) aims to ensure that all outsourcing arrangements involving material business activities entered into by a regulated institution are subject to appropriate due diligence, approval, and ongoing monitoring.
• Hong Kong: The Hong Kong Monetary Authority (HKMA) states that institutions “should not enter into, or continue, any outsourcing arrangements [that] may result in their internal control systems or business conduct being compromised or weakened after the activity has been outsourced.” – Source: Deloitte Report

Let’s Talk! If you have any further questions or interest in implementing compliance solutions, please contact us.

About CRI® Group

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

Filed under: All Industries, All Regions, Compliance Solution, Resources, Third-Party Risk Management by admin
No Comments »

10 Ways to Maintain GDPR Compliance

In 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) came into force. The GDPR was a response to massive worldwide data breaches that were undermining the trust and security of private citizens whose personal information was at stake. As this data was exposed by both hackers and, in some cases, simply through poor security measures, governments of the EU felt it was time to create a strong piece of governance to bolster protection. While the initial rollout of GDPR held some uncertainty and unknowns for organisations subject to its guidelines, there is now a much clearer picture of how its standards apply. The punishments for being caught out of compliance can be severe: Violators of the GDPR may be fined up to €20 million or up to 4 percent of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (European Commission, 2020, GDPR.eu, 2020). At CRI Group, our integrity due diligence experts are trained at helping organisatons achieve and maintain compliance with GDPR. Our leading risk management and compliance agents provide the following top 10 GDPR best practices for any business or entity that deals with collecting, storing or using personal information:

1. Employ a Data Protection Officer (DPO)

It is a GDPR requirement that entities who carry out regular and systematic monitoring of individuals on a large scale, or large-scale processing of certain special categories of data, have an assigned DPO. It is also recommended, however, for all other entities to help ensure data security. While the GDPR does not specifically list the necessary training or qualifications of a DPO, the regulation does require the DPO to have “expert knowledge of data protection law and practices” (Digital Guardian, 2019). Implement thorough background screening processes and make sure they are trained and qualified to be your DPO.

2. Train your employees

Ensure that all personnel are aware of the GDPR and your organisation’s commitment to compliance. Make sure that all leaders, and especially key personnel charged with collecting, handling or storing data, understand their responsibilities under GDPR. Make date protection training a regular part of your employee curriculum.

3. Confirm the legality of your data collection

GDPR requires that you have a legal basis to collect personal data. For most businesses, the following are the most likely to be applicable:

• The information is necessary to perform a contract between the organisation and the individual;
• You have a legal obligation to process the data (such as a court order);
• The organisation has a legitimate interest in collecting and processing the data – in other words, there needs to be a relationship and business reason to collect the date (it cannot be random);
• The individual has provided direct consent to the processing of the data.

4. Maintain thorough records

For larger organisations (more than 250 employees), GDPR requires that records of data collection and processing be maintained. Again, this is also a best practice for smaller organisations, as well. It can help establish that the organisation is dutifully complying with the data protection principles in GDPR. Take inventory and make a record of the data you have collected and are storing to date. Create a detailed matrix to understand what types of data you are holding, where/how it as collected, how and where it is held, and whether it is still needed. Based on this information, you can also develop a data-retention policy to govern how long personal data is kept and stored. Keeping data on file longer than needed is a liability, and serves no business purpose.

5. Establish consent policies for data

For some of your records, consent is your lawful basis for holding it. Under GDPR, it is no longer acceptable to assume consent in your collected data, or treat silence as consent. Create clear and unambiguous consent forms for your data collection that demonstrate adherence to GDPR principles. And remember, under GDPR, you must make it a simple process for an individual to withdraw their consent at any time.

6. Perform due diligence on third-parties

Under GDPR, your organisation is responsible if third-party partners collect, store or manage data for your organisation. You must ensure their compliance with GDPR as if it is your own, since they are responsible for your data. This is the time to update your contracts with them to include compliance measures, as needed. It is also important that you review their control systems and their data handling processes. They must be comprehensive and meet all of the GDPR requirements to keep data secure. CRI Group’s third-party risk management experts can help you conduct effective reviews of your partners and their processes.

7. Be responsive

Under GDPR, your organisation must respond to requests from individuals whose data you have collected and/or are storing. These requests are spelled out as individuals rights in regards to their personal data and they include the following:

• Right to be informed about what data is collected and why;
• Right of access to data that has been collected;
• Right to rectification/correction of inaccurate data;
• Right to erasure of data (“right to be forgotten”);
• Right to restrict processing of personal data;
• Right to data portability;
• Right to object to use of data; and
• Right not to be subject to automated decision making, including profiling.

Have a process in place to timely respond to requests and provide data when requested in order to stay in compliance.

8. Have written policies in place

Develop your internal policies in regards to GDPR and how you protect personal data, and communicate them across your organisation. Take special note to spell out policies on data retention, cross-border processing of date, and how you collect and handle data for persons under the age of 16, as GDPR has special requirements in regards to children’s data.

9. Conduct risk assessments

GDPR requires Data Protection Impact Assessments in certain cases. These assessments measure your organisation’s ability to protect personal data, and risks associated with that protection. If your data processing is considered high-risk, uses new technology, or deals in large-scale processing of data in certain categories, the assessments are required – but in for any organisation, they are recommended. Data protection experts at an outside firm like CRI Group can help you prepare robust risk assessments and follow-up plans to address their results.

10. Be prepared for a breach

A worst-case scenario in data security is a breach that exposes personal information. Under the steps above, your organisation should be well-positioned to prevent or limit any breach to your data security. However, you should always have a contingency plan in place to immediately respond to a breach should it occur. Understand that GDPR requires that the applicable EU data protection supervisory authority be notified within 72 hours of a breach. Gone are the days where a company can announce it weeks or even months after the fact. Be ready to notify the affected individuals that their data has been compromised, so that they can take the appropriate steps to respond.

Organisations don’t like to think about the impact of a data breach – but major cases have pushed governments to act in the public’s interest. Perhaps nowhere is this more true than in the EU, where the GDPR is now the governing policy for organisations that deal with individuals’ personal data. By being proactive with the steps above, your organisation can be better prepared and maintain compliance with the GDPR. Most importantly, you will have the confidence and trust of your consumers through effective best practices in handling and protecting their data. CRI Group’s experts are here to help. Contact us today so that we can walk you through the steps of GDPR compliance.

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under: Business Intelligence, Compliance Solution, Resources by admin
No Comments »

Due Diligence: 4 Red Flags of Collusion

One of the many schemes that can cause serious legal and financial consequences is collusion in business. While some business leaders might wonder what separates collusion from other types of fraud and how to identify it, there is a key factor: secrecy. 

Collusion involves at least two parties (sometimes more) who collaborate to deceive others, usually for financial or market gain. Due to its secretive nature, collusion can be difficult to detect and weed out. This poses a serious problem because the consequences of noncompliance for an organisation are often severe.

According to the Wall Street Journal, the U.S. Department of Justice (DOJ) is “preparing to tackle competition issues in several important markets, including alleged price-fixing in the generic-drug industry, rules for music licensing and purported employer collusion that limits options for sought-after workers” (Wall Street Journal, 2020). Indeed, these are the types of schemes that are most often associated with collusion. Price fixing is a global problem found in many different industries, for example. However it’s important to note that collusion is just as common at the local level – for example, where contractors bid to provide goods or services regularly. Sometimes competitors will engage in collusion by making secret arrangements to rotate bids or share bid details to artificially deflate prices.

In one recent case, the branch manager for a U.S.-based insulation contractor pleaded guilty in a scheme to rig bids and commit other forms of fraud on insulation contracts. The DOJ had launched an investigation into the branch manager’s actions from 2011 to 2018, finding that he “conspired with other insulation installation contractors to rig bids and engage in fraud on insulation installation contracts in Connecticut, New York, and Massachusetts. Insulation installation contractors install insulation around pipes and ducts on renovation and new construction projects at universities, hospitals, and other public and private entities. In addition to his guilty plea, DeVoe has agreed to pay restitution” (DOJ, 2020). “Free and open markets are the foundation of a vibrant economy. For years, the defendant illegally coordinated bids on construction projects to enhance his profits, eliminate competition, and ultimately steal from public and private customers,” said Brian C. Turner, Special Agent in Charge of FBI’s New Haven Field Office.

The DOJ noted in its press release that this crime hurt the hospitals, universities and businesses that solicit and pay for the contractor’s services under the expectation that the bidding process is fair and above board, not rigged to benefit a contractor at their expense. The money lost in such schemes (through paying inflated contracts) often represents taxpayer dollars. The fact that collusion, in this case, lasted for at least seven years indicates that tens of thousands of dollars (or more) were likely lost through fraud.

So, what can organisations do to be better protected from collusion schemes – whether from inside their own company or perpetrated against them by outside partners/contractors? While collusion is secretive by its very nature and can be difficult to detect, red flags can indicate that something might be amiss. CRI® Group’s integrity due diligence experts are specially trained to uncover collusion in all its forms, and they describe the following as some of the signs to watch for when dealing with competitive bid contracts:

A high percentage of awards go to the same company

If a single bidder is winning most of the contracts for a particular set of goods or services, there might be something wrong despite several other contractors involved in the bidding. This is especially true if there are any issues or complaints around the bidder, such as poor quality products or services, they are late in delivering on their contracts, etc.

Lowest bidders are not winning awards

Suppose the contracts are consistently going to bidders other than the lowest bidder. In that case, this might warrant further investigation – as most contracts are considered “low bid” and would reasonably go to the lowest bidder. Also, if there is a higher-than-average range or spread between bidders, that could signal that something is off.

There is a high number of late bidders

Late bids can be a sign of collusion if bidders, or an agent at the organisation soliciting bids, are sharing bid information – such as the highest bid (so far) in an award process. This is especially true when the winning bidder is consistently the last one to submit bids. If late bidders are being approved regularly, you need to know why.

Bidders share (or have similar) names, addresses, or other information

This is an obvious red flag. In some cases, bids from two different contractors have been submitted from the same fax machine! This indicates that parties might be colluding in their bid submissions, and you need to look further.

Other countries’ DOJ and enforcement bodies have demonstrated their willingness to detect, investigate, and punish collusion. For the sake of your organisation, it is best to be proactive when it comes to your bidding and contract processes. CRI® Group’s integrity due diligence services can help you identify the above red flags. Our experts also conduct risk assessments to help find weaknesses in your business process and controls that might make your organisation vulnerable to collusion. This holds whether you need the goods or services or are a supplier or contractor submitting bids. The secret crime of collusion causes financial harm through inflated costs, representing a legal and financial liability to your organisation and/or clients. By being attuned to spot red flags, you’ll be more likely to notice the smoke …. before it turns into a fire.

Download our Brochure

Take a proactive stance with the highest integrity due diligence as a part of your essential business strategy. Contact us today to learn more about our full range of services to help your organisation stay protected. Get a FREE QUOTE

About Us

CRI® Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under: Compliance Solution, Due Diligence, Employee Background Check, Resources by admin
No Comments »

Stay On Top of Your Employee Data Privacy Compliance Anywhere in the World!

Filed under: All Industries, All Regions, Compliance Solution by admin
No Comments »

6 challenges for compliance officers in 2020

The job of a compliance officer can be a difficult one. Organisations from large corporations down to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements, and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.

The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions around the world, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, or individuals, or both. Here are some of the biggest challenges facing compliance officers today:

 1. Anti-money laundering (AML) regulations

The Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. In the European Union, this resulted in the 5^th Money Laundering Directive (5MLD), which takes effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.

In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.

5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.

2. Conflicts of interest

Risks related to conflicts of interest are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that either suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues and transparency becomes even more important in these contexts.

This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.

Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities. Most major organisations – and their compliance officers – see outside business activities as a risk.

3. Innovation driving new demands

New innovations are providing increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.

For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.

4. Regulatory and political change

Recent years have seen a flurry of new regulations from various governmental bodies and jurisdictions, from the General Data Protection Regulation (GDPR) act to 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.

In Europe, Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.

Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.

5. Personal liability

One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middle men” and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope. Many compliance professionals are aware of this, as a recent Thomson-Reuters survey found that 60% of them expect personal liability to increase.

New initiatives underline this reality, such as the Senior Managers and Certification Regime (SCMR) in Europe. It places a focus on firms’ senior managers and individual responsibility, and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures and they will apply to industries beyond those in the financial sector.

6. Ethics and integrity

Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.

The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.

In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professional. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.

Let us know if you would like to learn more! Contact us today and get your FREE QUOTE now!

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Anti-Bribery Anti-Corruption Solution, Automotive, Aviation, Business Intelligence, Compliance Solution, Due Diligence, Finance & Professional services Industry, Insurance, IT & Telecommunications, Oil, Gas & Energy, Pharmaceutical & Healthcare, Property, Resources by admin
No Comments »

Top 10 Bribery and Corruption Cases of 2019

There is a never-ending stream of news stories documenting bribery and corruption cases around the world. Some of those cases rose to the top of the headlines in 2019. All of the stories help illustrate the need for organisations to have proper controls in place to prevent further bribery and corruption cases popping up. A certification such as ISO 37001 – Anti-Bribery Management Systems standard can provide a comprehensive approach to mitigating bribery and corruption risk. Organisations of all sizes and industries should take steps now to ensure that they don’t end up on a future list of top bribery and corruption cases and scandals.

Here, we count down the stories we’ve chosen as the 10 most eye-popping bribery and corruption cases reported in 2019.

#10 – Juniper Networks

California-based cybersecurity firm Juniper Networks was ordered by the U.S. Securities and Exchange Commission (SEC) to pay more than $11.7 for violations of the Foreign Corrupt Practices Act (FCPA). The SEC alleges that some of the sales employees in Juniper’s Russian subsidiary “secretly agreed with third-party distributors to fund leisure trips for customers, including government officials through the use of off-book accounts.” In the settlement, Juniper did not explicitly admit nor deny the SEC’s claims – but it did agree to “cease and desist from committing or causing any violations”. (Reuters, 2019, SEC, 2019)

#9 – Alstom

Paris-based Alstom came under the attention of the UK Serious Fraud Office (SFO), resulting in a £16.4 million judgment in fines and costs for a corruption scheme. Alstom Network UK Ltd was ordered to make the payment after an SFO investigation revealed a fraudulent contract with an intermediary that was “simply a conduit for bribes”. To hide the corruption, Alstom went so far as to provide fake paperwork and fraudulent compliance checks. Three former Alstom employees were jailed in the case.

The multinational conglomerate, which serves the rail industry in locations worldwide (and formerly included interests in the power industry), has seen trouble at several units in various regions. In 2014, Alstom SA pleaded guilty in the U.S. to violating the Foreign Corrupt Practices Act (FCPA). The company bribed officials in Saudi Arabia, Egypt, Indonesia and the Bahamas, resulting in $772 million in criminal penalties. In 2016, Alstom Power Ltd pleaded guilty in the UK for corruption involving a Lithuanian power project. (WSJ 2019, FCPA Blog, 2019)

#8 – Microsoft

In Hungary, a wholly-owned subsidiary of Microsoft (aptly named Microsoft Hungry) was busted for a bid-rigging and bribery scheme, costing the corporation $25.3 million in combined criminal and civil penalties. The action was brought by the U.S. Department of Justice (DOJ) and the SEC for violations spanning from 2013 until “at least” 2015.

The scandal centered around the sale of Microsoft software licenses to Hungarian government agencies. Microsoft Hungary employees, including executives, were found to have falsely represented steep “discounts” in order to conclude deals with resellers, in violation of the FCPA. The SEC further found Microsoft’s subsidiary in Turkey “provided an excessive discount to an unauthorized third party in a licensing transaction for which Microsoft’s records do not reflect any services provided”.(Compliance Week, 2019)

#7 – KPMG

Big Four accounting firm KPMG found itself in all sorts of embarrassing (and costly) trouble over allegations that some of its former employees used stolen information to alter previous audit work – and cheated on training exams. The firm admitted to the allegations and agreed to pay the SEC $50 million to settle the charges. The case is significant as it marks the largest fine imposed on an auditor by the SEC to date.

“The breadth and seriousness of the misconduct at issue here is, frankly, astonishing”, said Steven Peikin, one of the SEC’s enforcement directors. “This settlement reflects the need to severely punish this sort of wrongdoing while putting in place measures designed to prevent its recurrence”. (Reuters, 2019)

#6 – Samsung Heavy Industries

A subsidiary of Samsung Group, South Korea-based Samsung Heavy Industries Company Ltd. (“SHI”) found itself under investigation for involvement in the Petrobras scandal. Specifically, the company was charged in a scheme to pay millions of dollars in bribes to Petrobras official in return for Petrobras chartering one of SHI’s oil drillships. Petrobras is the Brasilian state-owned energy company caught up in a major, ongoing investigation over widespread corruption.

According to the DOJ, SHI conspired to pay commissions, including some of that money for bribes, to Brasilian intermediaries beginning 2007 and continuing until 2013. The amount topped $20 million. SHI admitted to the charges and entered into a three-year deferred prosecution agreement with the DOJ. As per the agreement, SHI will pay 50 percent of the total penalties to the U.S. and the remaining 50 percent to the Brasilian authorities. (Lexology, 2019)

#5 – Fresenius Medical

Fresenius Medical Care AG & Co. KGaA (based in Bad Homburg, Germany) agreed to pay $231 in penalties for bribing doctors and public health officials in at least 17 countries. Fresenius is the world’s largest provider of dialysis equipment and services. It will make the payments to the DOJ and SEC to settle violations of the FCPA in various countries and continents, including Africa, the Middle East and Europe.

According to the SEC, in some locations, Fresenius failed to train employees or conduct due diligence on agents, and “in many instances, senior management actively engaged in corruption schemes and directed employees to destroy records of the misconduct”. Fresenius paid about $30 million in bribes “using sham consulting contracts, falsifying documents, and funneling bribes through a system of third party intermediaries”. (FCPA Blog, 2019)

#4 – Walmart

Retail giant Walmart is alleged to have engaged in corrupt payments to governments and officials around the world for more than 10 years, according to an agreement reached with the DOJ and SEC. Walmart will pay $282 million to settle the charges that it violated the FCPA in an effort to open new locations in various countries and jurisdictions around the world. Notably, Walmart’s Brasilian subsidy pleaded guilty to breaking U.S. federal law – but allegations included cases in Mexico, China, India and other locations.

Federal regulators said Walmart looked the other way as subsidiaries on three continents paid millions of dollars to middlemen who helped the company obtain permits and other government approvals from July 2000 to April 2011. (The New York Times, 2019)

#3 – TechnipFMC

London-based TechnipFMC was charged with making illicit payments to advance the company’s interests in Iraq and Brasil. The company paid a $296 million settlement to the DOJ for the two bribery schemes. In Tuesday’s enforcement action, the DOJ said the charges against TechnipFMC “arose out of two independent bribery schemes: a scheme by Technip to pay bribes to Brazilian officials and a scheme by FMC to pay bribes to officials in Iraq”.

The SEC alleged that from 2003 until at least 2013, Technip conspired with Singapore-based Keppel Offshore to pay $69 million in bribes, disguised as “commission payments” passed in part to Petrobras – as well as more than $6 million in payments to the Workers’ Party in Brazil and to Workers’ Party officials. In Iraq beginning in 2008 and continuing until at least 2013, FMC bribed at least seven government officials “through a Monaco-based intermediary company”, the DOJ said. (DOJ, 2019)

#2 – Ericsson

Number two on our list is Swedish telecom giant Ericsson. The company paid a blockbuster sum of more than $1 billion (U.S.) to the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) for “violating the anti-bribery, books and records, and internal controls provisions of the FCPA.”

According to the DOJ, the corruption scandal spanned 17 years and at least five countries. It involved high-level executives and was geared toward increasing Ericsson’s profits. Ericcson allegedly used slush funds to bribe officials in various countries including China, Vietnam, Indonesia and Kuwait.

In China, for example, Ericsson subsidiaries paid millions in bribes that were ultimately delivered to officials, including about $31.5 million for services that were never performed. (DOJ, 2019)

#1 – Unaoil

And finally, number one on our list: The massive Unaoil scandal continued to make headlines. Four businessmen pleaded guilty in London courts in 2019, admitting that they were involved in paying millions in bribes. According to investigators, the illicit payments were made to officials in nine different countries over a span of 17 years. As part of the scheme, participants were alleged to have engaged in widespread money laundering and attempts to destroy evidence.

It is alleged that two of the key players in the scandal made millions of dollars in bribe payments to government officials in Algeria, Angola, Azerbaijan, the Democratic Republic of Congo, Iran, Iraq, Kazakhstan, Libya and Syria. Fallout continues from the massive Unaoil case, which some have said is the largest bribery scandal in history. The family business from Monaco is alleged to have systematically corrupted the global oil industry, paying our millions of dollars in bribes for big-name companies including Samsung, Rolls-Royce and Halliburton. (The Guardian, 2019, The Age)

Let us know if you would like to learn more about other bribery and corruption cases or our solutions!

If you have any questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »

ABAC® training held for 2019 International Anti-Corruption Day

“Manage your business risks with confidence” was the tone for CRI® Group’s ABAC® Center of Excellence anti-bribery anti-corruption training event held on International Anti-Corruption Day (Monday, 9 December) in Dubai. Hosted at Dubai Quality Group’s offices at Emarat Atrium Building, “Introductory Seminar on ISO 37001:2016 Anti-Bribery Management System” provided critical insight on how to protect businesses from bribery and corruption risks. Bribery and corruption do more than just damage businesses and detrimentally affect employees – it also affects the world’s economy. For example, it’s estimated that more than US $4 billion was embezzled in one of the world’s biggest corruption schemes, 1MDB, globally. The ABAC seminar provided effective, real-world solutions laid forth by the ISO 37001 Anti-Bribery Management System to give businesses effective controls to mitigate risk.

Takeaways for attendees included a greater understanding of the globalisation of bribery and corruption, and an in-depth look at Middle East case studies. The seminar also provided an understanding of the background of bribery, and the knowledge of ISO 37001 impact, requirements, training, and certification. Another focus was on how to remain in compliance with ISO 37001. Attendees included top-level management personnel and specialists with expertise in various areas, such as compliance and ethics, legal practises and counseling, internal audit, internal controls, finance, risk management, and supply chains. Many in the group were involved in coordinating, developing, implementing and auditing anti-bribery compliance activities internally. Some attendees were involved in assessing their organisation’s internal and external supply chain. The seminar was also streamed live on Dubai Quality Group’s Instagram page.

ISO 37001 training 

A company’s own employees are its best protection against corruption. Statistics show that most corruption is detected internally. Give your employees the tools they need to prevent bribery and mitigate related risks. Achieving ISO 37001 Awareness, Internal Auditor, Lead Auditor and/or Lead Implementer training is a proactive way of demonstrating your organisation’s commitment to ethical sustainability. Your employees will be able to recognise any form of corruption, and report it. Our trainers are the best in the business. They’re passionate about sharing their knowledge with you and/or your employees.

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® training held for 2019 International Anti-Corruption Day

ABAC® trusted experts have years of hands-on and business experience – they bring the subject matter to life with relevant and contemporary examples.

Lead Auditor training in Pakistan 

Join us for LA training in Pakistan. During this training, you will:

• Understand the operation of an Anti-bribery Management System based on ISO 37001 and its principal processes
• Understand the correlation between ISO 37001 and other standards and regulatory frameworks
• Understand the auditor’s role in planning, leading and following-up on a management system audit in accordance with ISO 19011
• Interpret the requirements of ISO 37001 in the context of an ABMS audit
• Strengthen the personal skills necessary for an auditor to act with due professional care during an audit

Interested?

Our sister brand Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence is an independent certification body established for ISO 37001 Anti-Bribery Management System, providing Introductory, Internal Auditor, Lead Auditor training and ISO ABMS Certification. ABAC’s certification services are accredited by the EIAC for administering the ISO 37001 Anti-Bribery Management Systems standard. ABAC® trusted experts have years of hands-on and business experience – they bring the subject matter to life with relevant and contemporary examples.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »

CRI® Leads 2019 International Anti-Corruption Day

International Anti-Corruption Day is Monday, 9 December 2019. The campaign was started as a joint venture between the United Nations Development Programme (UNDP) and the United Nations Office on Drugs and Crime (UNODC), and now organisations around the world are united against corruption for this day every year.

United Against Corruption focuses on corruption as one of the biggest obstacles to achieving sustainable development goals. The abuse of entrusted power for private gain can cost people their freedom, health, life and future. Moreover, corruption affects every country, region, and community.

CRI® Group is a strong supporter of International Anti-Corruption Day and an advocate of preventing corruption on all levels. CRI® Group addresses the corruption problem with thought leadership pieces focused on bribery and corruption in various regions, including South Asia, the Middle East, and the United Kingdom. CRI® Group’s experts also published multiple informative articles worldwide to help educate business and industry leaders, government officials, corporate professionals and the public on topics ranging from corruption, due diligence and employee background investigations. These include CRI® Group’s primary research paper, “How Can Life Sciences Companies Prevent Bribery and Corruption? Is ISO 37001:2016 the Answer?” Zafar Anjum, Group Chief Executive Officer for CRI® Group, was featured in Financier Worldwide’s “Annual Review: Corporate fraud & corruption,” discussing the latest corruption risks and best practises for combating fraud in the Middle East and beyond.

This year, CRI® Group celebrated its 29^th anniversary as a global leader in compliance and risk management. The firm cultivates this leadership role in many ways, including hosting anti-fraud, anti-bribery and anti-corruption conferences and summits, and participating in other hosted events, around the world. These include CRI® Group’s own Anti-Bribery Anti-Corruption Summits n Islamabad, Karachi and Kuala Lumpur; and participation in the Malaysian Anti-Corruption Commission (MACC) Seminar Benchmark on Governance, Integrity & Anti-Corruption. At this year’s MACC Seminar, Mr. Anjum presented “Anti-Bribery Management System (ABMS 37001) Case Study and Implementation – UK Experience.” He provided an overview on ISO 37001 Anti-Bribery Management System Accreditation & Certification as an effective and “adequate procedure” for organisations in the region and beyond.

Join us for the ABMS training on 9th December

CRI® Group’s ABAC® Center of Excellence will be hosting an important seminar on Monday during International Anti-Corruption Day. The “Introductory Seminar on ISO 37001:2016 Anti-Bribery Management System” will provide insight on how to protect your business from bribery and corruption risks. Attendees will gain a greater understanding of the globalisation of bribery and corruption; learn case studies in bribery and corruption in the Middle East; understand the background of bribery; gain knowledge of ISO 37001 impact, requirements, training, and certification; and learn how to remain in compliance with ISO 37001. Register today.

Lead Auditor training in Pakistan

This year, ABAC® also presents “ISO 37001 Lead Auditor Training”. This intensive course helps attendees understand the operation of an Anti-bribery Management System based on ISO 37001 and its principal processes. It also focuses on the correlation between ISO 37001 and other standards and regulatory frameworks, and the auditor’s role in planning, leading and following-up on a management system audit in accordance with ISO 19011. Attendees learn to interpret the requirements of ISO 37001 in the context of an ABMS audit. The course also strengthens the personal skills necessary for an auditor to act with due professional care during an audit.

ABAC® has guided many clients through ISO 37001 training and certification. Some of the organisations that have successfully completed ISO 37001 certification include global transport company Apex Shipping, global investment firm Mubadala, and technology services company ISS Middle East FZC – just to name a few.

Interested in evaluating your corporate compliance program?

Let ABAC® experts conduct the Highest Ethical Business Assessment (HEBA) survey to evaluate your organisations’ current corporate compliance programs. It’s the best way to find out if your organisation’s compliance program is in the line with worldwide compliance, business ethics, anti-bribery and anti-corruption frameworks.

International Anti-Corruption Day is a great opportunity to participate in a HEBA survey. ABAC® experts will prepare a complimentary gap analysis of your organisation’s compliance program to evaluate if it meets “adequate procedures” requirements under the UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

Corruption is found in both rich and poor countries, and among organisations of all sizes and industries. It contributes to instability and poverty and is a dominant factor driving fragile countries towards state failure. On International Anti-Corruption Day, CRI Group stands ready to provide solutions to organisations that aim to reduce their risk and prevent more fraud and corruption. Additionally, ABAC® provides training and certification programs to help ensure continued best practices and prevention measures. These are the types of steps that make a real difference.

Awareness is the first step toward combating corruption – but it isn’t the only step. CRI® Group knows that taking concrete action to prevent bribery and corruption is essential in making a real difference. Contact us today and let us help you to fight bribery and corruption.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »

Middle East corruption: how can ISO 37001 help?

Political and governmental unrest can affect a region’s economy and the integrity of business transactions. The current state of the Middle East exemplifies this phenomenon. While governments in the region are making efforts to curb corruption, political instability and regime changes often undermine these measures. Bad actors understand how to take advantage of such vulnerabilities, leading to increased bribery and corruption across international borders. Recent cases and statistics show that the problem persists in most countries in the region. Against this backdrop, most government officials and private sector business leaders view it as a high priority to reduce bribery and corruption. One of the problems, however, is that some dishonest politicians use supposed anti-corruption efforts as a tool against political enemies. This makes clear that the best approach is for government agencies and businesses themselves to lead from the front. By adopting an internationally recognised set of anti-bribery anti-corruption standards, increased business integrity will result. Organisations that are committed this effort are adopting the ISO 37001 – Anti-Bribery Management Systems standard as a comprehensive approach to mitigating bribery and corruption risk. ISO 37001 and its elements can be tailored to any type of organisation, of any size. The key elements include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. ISO 37001 also calls for implementing financial and commercial controls, and instituting reporting and investigation procedures.

Corruption a Major Challenge in the Middle East

The Middle East lags behind several other regions when it comes to bribery and corruption. Even as these elements are on a slight decrease globally, the Transparency International Corruption Perceptions Index shows the troubled state of the Middle East and North Africa. “The Corruption Perceptions Index 2018 presents a grim reality in the Middle East and Northern Africa where, despite some incremental progress by a select few, most countries are failing in the fight against corruption”. Syria, Yemen and Libya are at the bottom (worst) end of the list. There are some bright spots, though. United Arab Emirates (UAE) and Qatar, both countries that have taken strong stances on fraud and corruption, score the highest for the Middle East. Morocco and Egypt showed some improvement. Overall, however, the political instability in the region has created a tumultuous business environment. According to the article: “In many Arab governments, powerful individuals have actively influenced government policies and diverted public funds and state assets for their own self-interest and enrichment at the expense of citizens. This reduces anti-corruption efforts to merely ink on paper, where laws pass, but are rarely enforced or implemented.”

This is underscored by limits and obstacles that corruption throws up in the way of those looking to enact real change. “Across much of the developing world, the corruption of courts and other government institutions threatens the free flow of goods and capital that promotes economic growth. Left unaddressed, such threats can lead to heightened tensions among nations and even outright trade wars. Diplomats operate under constraints that limit how much they can call out international bad actors who violate the rule of law. That’s why the role of outside watchdogs is so important in promoting the Rule of Law and holding nations to the standards of fairness and impartiality they claim to meet,” writes National Review.

Iran: Power Structures Hamper Progress

One country that exemplifies the Middle East difficulties with corruption is Iran. The problem is described by one analyst as “deeply rooted,” and even recognised by the country’s conservative rulers. In such a political structure as Iran’s, a campaign to combat “systemic corruption” is often seen as the lens of political reprisals against rivals. “In autocratic systems, every now and then, a campaign emerges under the banner of fighting corruption. The main reason is to buy legitimacy for the system. During the last years of the rule of the former Shah of Iran, in an attempt to tame the revolution, such a campaign led to the arrest of several prominent political figures, including Amir-Abbas Hoveyda, who served for 13 years as prime minister”.

“While the same impetus could be behind the current move by Raisi, there is strong speculation in Iran that the move also, and more importantly, aims to shape a consensus within the country to accept Raisi’s giant leap towards assuming the leadership of the country after Khamenei’s death”.

While there has been some concern that the corruption crackdown is a cover for prosecuting reformers, some disagree – positing that it depends more on which party is leading the effort. “Corruption in Iran is linked to political power. Therefore, whichever of Iran’s two main political factions—fundamentalist or moderate-reformist—takes over the executive branch, corruption among the members of that faction increases. At the end of former President Mahmoud Ahmadinejad’s term in office, for instance, his first vice president, Mohammad-Reza Rahimi, and his Vice President for Executive Affairs, Hamid Baghaei, were imprisoned for economic corruption and embezzlement. Such corruption reached an all-time high during his tenure in office”. In any case, it’s clear that most observers aren’t convinced that the country’s anti-corruption campaign is to be taken at face-value – yet.

Bribery Cases Exposed in UAE

Two bribery cases demonstrate some common characteristics among such schemes. While both of these instances were uncovered (and prosecuted) in the UAE, they are likely typical for the Middle East region and beyond.

In 2018, an Emirates Post revenue officer was sentenced to prison after being convicted of attempted bribery. The officer solicited a Dh100,000 bribe from a corporate customer. He was in a unique position to attempt the crime, as his duties included collecting and auditing profits for the Emirates Post office in Dubai. The Jordanian revenue officer, 28, collected and audited profits, among other duties, on behalf of Emirates Post office in Dubai. The offender perpetrated the scheme by leveraging fines on a shipping company based in India for supposed postal fee violations. The alleged fine, according to the revenue officer, totaled Dh2.4 million, and he attempted to negotiate a scheme with the client to have the fine reduced to Dh400,000 – in exchange for the Dh100,000 bribe. Instead of paying, the client wisely contacted the police. In a sting operation, the client was fitted with a listening device, and met and paid the bribe – under coordination of the police. As a result, the revenue officer was arrested, and subsequently convicted.

In another case, two Asian residents of UAE were sentenced to three years and one year in jail for giving and accepting a bribe. They were also fined Dh5,000. One of the perpetrators was a government officer. The first defendant, a trader, offered a bribe of Dh900 to the government officer, who works as a customs clearance staff member with the Saqr Port in Ras Al Khaimah. The goal was to ship two containers full of scrap iron out of the UAE without paying taxes or undergoing an inspection. When they were caught, the trader who gave the bribe claimed that it was just a loan, and that he had already paid “over DH50,000 in taxes and charges”. The other defendant (the customs officer) agreed, but the court did not accept their explanation. Both defendants will be deported to their home countries after serving their prison sentences. These types of cases are typical among positions of access, and can happen in any jurisdiction. They exemplify the problem that government agencies and companies alike are trying to reduce and prevent.

‘Relationship Building’ v. Bribery

To some degree, the same problems that plague the Middle East are endemic around the world. Among them, the dilemma of misunderstanding in terms of what constitutes bribery. In nearly all cultures, relationship building is considered an essential part of doing business. Often, business associates consist of numerous friends or even family members. When that is the case, there can be a slippery scale in terms of what is merely a favor or a gift, versus what constitutes bribery or corruption. The Foreign Corrupt Practices Act (FCPA) can provide some guidelines here. A case involving Bank of New York Mellon is instructive. “On 18 August 2015, Bank of New York Mellon (“BNYM”) consented to a Securities and Exchange Commission (“SEC”) Order requiring BNYM to pay $14.8 million to settle charges that it violated the FCPA by providing student internships to family members of foreign government officials affiliated with a Middle Eastern Sovereign Wealth Fund (“SWF”). All parties involved, except BNYM, have been anonymised in the Order so that the nationality of the foreign public officials and the SWF is publicly unknown beyond being described as ‘Middle Eastern’.

“The BNYM internships were given to three people: the son and nephew of one key figure of the SWF and the son of another. The internships were given despite the facts that the interns did not meet the rigorous selection criteria usually applied by BNYM and did not go through the standard (or any) recruitment process before being awarded the internships. In addition, these internships were found by the SEC to be more valuable than those offered to the regular applicants, who had endured the competitive admissions process against strict entry requirements. For example, rotation between business units was arranged, which is not an opportunity afforded to regular interns.”

“Emails between BNYM employees clearly demonstrate that the motivation behind the favour to the foreign officials was to influence the latter’s decision-making in the interests of BNYM. There can be no doubt that this was bribery in action – the BNYM employees expected to retain and gain business from the foreign officials in return for offering their relatives valuable internships to which they would not otherwise have had access”.

The case clearly describes what could be considered a “gray area” compared to some of the more extreme realities of bribery and corruption. One study of the Middle East and North Africa in 2016 suggested that people felt the need to bribe officials for basic services. “About 30 percent of those polled said that they had to access basic public services by bribing officials. If that figure holds across the entire MENA region, that would mean that about 50 million people, the majority of whom are poor, feel they must pay bribes in order to have access to basic public services. In five countries, the rich reported being far less likely to have to pay a bribe: 63 percent of poor Sudanese citizens versus 38 percent of wealthy ones, for example, and 23 percent versus 12 percent, respectively, in Algeria”.

ISO 37001:2016 to Combat Bribery & Corruption

Corruption certainly isn’t exclusively a Middle Eastern problem. Organisations around the world are taking action to reduce risk. They’ve found the structure and process they need in ISO 37001. ISO 37001 was issued by the International Organization for Standardization (ISO) in 2016 to help organisations worldwide increase and measure their efforts against bribery and corruption. Through ISO 37001 ABMS, organisations can implement standards at every level. These measures include adopting an anti-bribery policy and appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. It’s also critical that the organisation implement financial and commercial controls, along with reporting procedures and investigation processes.

CRI Group founded ABAC® (Anti-Bribery and Anti-Corruption) Center of Excellence to help organisations of all types and industries implement ISO 37001 certification and/or training. ABAC® has a team of experts around the world that include certified ethics and compliance professionals, financial and corporate investigators, forensic analysts, certified fraud examiners, qualified auditors, and accountants. They are trained and experienced in the implementation of ISO 37001’s key elements, helping clients more effectively prevent bribery and corruption. ABAC Certification is an accredited provider of ISO 37001 ABMS, and it provides certification and training for organisations of various types and industries.

There are requirements and guidance that the ISO 37001 standard prescribes for a comprehensive anti-bribery management system. The following bribery elements are addressed by ISO 37001 in relation to the organisation’s business processes and activities:

• Bribery in the public, private and not-for-profit sectors
• Bribery by the organisation
• Bribery by the organisation’s personnel acting on the organisation’s behalf or for its benefit
• Bribery by the organisation’s business associates acting on the organisation’s behalf or for its benefit
• Bribery of the organisation
• Bribery of the organisation’s personnel in relation to the organisation’s activities
• Bribery of the organisation’s business associates in relation to the organisation’s activities
• Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)

Government organisations and companies can reduce the risk of bribery through ISO 37001’s best practices for anti-bribery and anti-corruption. The following are just a few of the ways ISO 37001 helps accomplish this goal:

• Provide needed tools to prevent bribery and mitigate related risks
• Help an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
• Potentially reduce corporate insurance premiums
• Provide customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
• Provide a competitive edge over non-certified organisations the organisation’s industry or niche
• Provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

It is important to note that “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to completely eliminate the risk of bribery”, according to ISO.  The certification is potentially an important piece of evidence, however, that shows regulators, prosecutors, and the courts that the organisation has taken meaningful action to prevent bribery and corruption.

Conclusion

All is not lost. Some Middle Eastern countries, like the United Arab Emirates, have made a commitment and continue to demonstrate positive strides toward combating corruption. UAE has expanded its laws, broadened the definitions of what is considered bribery and corruption, and increased punishments. But the country is largely an outlier in a region that is struggling under the weight of instability and corruption.

In this type of environment, both government organisations and the businesses they serve (and regulate) need ISO 37001. The sooner organisations implement the comprehensive measures prescribed by ISO 37001, the calmer the seas will be for international trade, business agreements and mergers, acquisitions and other positive elements of economic growth.

An established standard like ISO 37001 ABMS can help organisations address bribery and corruption through implementing best practices in a program of training and certification. While following the curriculum, the training process can easily be tailored to the organisation based on its size, type, industry or risk level. Bribery and corruption are pervasive problems that won’t be solved overnight. It will take a concerted effort by all major players in the region to make positive strides and reduce risk factors. ISO 37001 provides a blueprint for making those changes. Twenty or thirty years ago, organisations were mostly on their own went it came to developing an anti-corruption strategy. Today, there is a tried-and-true path forward. Committing to it is the first step toward making real progress in the Middle East.

Sources

1. “Middle East & North Africa: Corruption Continues As Institutions And Political Rights Weaken,” Transparency International, 29 Jan. 2019,

< https://www.transparency.org/news/feature/regional-analysis-MENA> (accessed 25 Oct. 2019)

2. John Fund, “Cleaning Up Corruption Is a Key to Middle East Stability,” National Review, 23 October 2019,

<https://www.nationalreview.com/corner/cleaning-up-corruption-is-a-key-to-middle-east-stability/> (accessed 25 Oct. 2019)  OECD, The rationale for fighting corruption. 2014

3. Shahir Shahidsaless, “Iran’s conservatives are saying it: Corruption is ‘systemic’”, Middle East Eye, 7 Oct. 2019,

<https://www.middleeasteye.net/opinion/whats-behind-irans-crackdown-corruption> (accessed 25 Oct. 2019)

4. Jalil Bayat, “Iran’s Goals In The Fight Against Economic Corruption,” Lobe Log, 18 Oct. 2019,

<https://lobelog.com/irans-goals-in-the-fight-against-economic-corruption/> (accessed 25 Oct. 2019)

5. Salam Al Amir, “Emirates Post worker jailed for seeking Dh100k bribe from customer”, The National, 31 Oct. 2018,

< https://www.thenational.ae/uae/emirates-post-worker-jailed-for-seeking-dh100k-bribe-from-customer-1.786526> (accessed 10 Nov. 2019)

6. Ahmed Sheeban, “Government officer jailed for accepting Dh900 bribe in UAE”, Khaleej Times, 13 April 2019,

< https://www.khaleejtimes.com/nation/ras-al-khaimah/government-officer-jailed-for-accepting-dh900-bribe-in-uae> (accessed 10 Nov. 2019)

7. Andrew Hudson, “Middle East meets West: Where is the line between relationship-building and bribery?,” Al Tamimi 7 Co., September 2015,

< https://www.tamimi.com/law-update-articles/middle-east-meets-west-where-is-the-line-between-relationship-building-and-bribery/> (accessed 25 Oct. 2019)

8. Ben Thompson, “Bribery worsening in the Middle East and North Africa, citizens say,” CSM, 3 May 2016,

< https://www.csmonitor.com/World/Global-News/2016/0503/Bribery-worsening-in-the-Middle-East-and-North-Africa-citizens-say> (accessed 25 Oct. 2019)

9. “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org,

< https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)

10. Adam Vause, Zara Merali, “The UAE’s fight against bribery and corruption,” DLA Piper, 16 July 2019,

< https://www.dlapiper.com/en/dubai/insights/publications/2019/07/the-uaes-fight-against-bribery-and-corruption/> (accessed 25 Oct. 2019)

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Middle East, Resources, Third-Party Risk Management by admin
No Comments »

25 Benefits of ISO 37001:2016 ABMS Certification

How to fight bribery and corruption?

Bribery and corruption are a dent on the image of any company. It is an unwanted and unsightly reflection that can be not only be mitigated but prevented in the organisation. The negative representation might result in a loss of trust among customers, affiliates and business patrons. In addition, the lack of internal anti-bribery controls and procedures has been one of the key reasons for deficiency in productivity inside global organisations. ISO 37001 ABMS

To combat these adverse effects, a strong standard is needed where governance, risk management and compliance (GRC) procedures are at the heart of the system. ISO launched ISO 37001:2016 ABMS standard – a global benchmark in the Anti-Bribery Management System (ABMS) which detects, protects and addresses the issues of bribery and corruption in the corporation. It is an assurance of employing the highest ethical standards and harnessing transparency even in the most complex business activities.

What is ISO 37001:2016 ABMS certification?

ISO 37001:2016 ABMS certification demonstrates organisation’s commitment to upholding the best practices in the corporate world. Being a framework that measures, identifies and controls the level of transparent commercial performance combined with international guidelines, it is applicable for all kinds, sizes and natures of organisations By adopting the ISO 37001:2016 ABMS certification, companies, subsidiaries and other affiliates are able to shield themselves from the dent that can tarnish their reputation and decrease their proficiency in the industry.

Through the implementation of ISO 37001:2016 certification, your organisation can cultivate a better anti-bribery and ethics culture along with the trust within the establishment. By adopting the ISO 37001:2016 certification, organisations will be able to combine the GRC strategies with the ISO system across all departmental units in a transparent and operative manner. Built with a set of globally accepted requirements, the ISO 37001:2016 certification is compliant with global, regional and local anti-bribery regulations worldwide, which increases the multi-level integrity of the association.

What are the benefits of ISO 37001:2016 ABMS Certification?

ISO 37001:2016 ABMS certification includes audit assessment procedures, to utilise the application and maintenance of a robust anti-bribery program. Being an all-encompassing standard that is integrated with other management systems, the ISO 37001:2016 ABMS certification provides several benefits:

• Competitive advantage over other organisations
• Greater awareness on the output of bribery
• Enhanced aptitude for the prevention of corruption
• Expansion of business opportunities
• Continual improvement of services and products
• Enhancement of the organisation’s reputation
• Facilitation of efficient management operations
• Apt demonstration of legal compliance and assurance
• Reduction in structural and miscellaneous costs
• Escalation of organisational assets
• Better implementation of compliance programs
• Precise execution of significant measures
• Increase in business efficiency and effectivity
• Superior trust and transparency
• Reduction of malpractice and other hazards
• Protection of resources and other capitals
• Easy integration to existing management systems
• Appropriate utilisation as a due diligence evidence
• Accurate evaluation of organisation’s position
• Recognition and deterrence of immediate threats
• Placement of adequate procedures to combat risks
• Timely observation and development of controls
• Execution of feasible anti-bribery procedures
• Practice of internationally recognised processes
• Establishment of ethical global practices

How can your organisation attain ISO 37001: 2016 ABMS certification?

With the list of returns that ISO 37001:2016 ABMS certification holds, its value is undeniable. The cost and benefits of not adopting a viable Anti-Bribery Management System are far greater than the cost of its implementation. Dedicate your time, energy and capital towards your organisation’s growth and progress. By engaging with a qualified, trained and independent third-party certification body, your company is securing its future against losses and gaining a surplus of rewards. The Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence is looking forward to connecting with you and steering your organisation towards the espousal of ISO 37001:2016 ABMS certification. Provide your company with the credibility to go beyond and reach its envisioned destination. For more information, please feel free to contact our team and visit our website www.ABACgroup.com.

Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »