You suspect employee fraud. Now what?

When any type of fraud, including employee fraud, is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust our employees and co-workers, and we keep our focus on succeeding as a team and accomplishing our goals for the business. Nobody wants to think that someone might be subverting the rules for their own personal gain.

Unfortunately, though, fraud does happen. The statistics tell us that on average, organisations lose about 5 percent of their total revenues to fraud. If that’s not bad enough, the average fraud lasts 18 months before being discovered – if it is discovered at all (ACFE, 2020).

One of the problems is that, since we aren’t looking for fraud, we sometimes don’t want to believe it when we do encounter its red flags. Though they may be unmistakable to some, when it involves our trusted co-workers (and even our superiors) sometimes we try to rationalize or ignore those signs altogether. Accounting discrepancies are one thing, but what about the more subtle things – like behavioural red flags? The following are a few examples:

• The subject appears to be living beyond their means
• They are having financial difficulties
• They have an unusually close association with a vendor or customer
• The subject shows excessive control issues or unwillingness to share duties
• They demonstrate unusual irritability, suspiciousness, or defensiveness
• The subject has what can be described as a “wheeler-dealer” attitude involving shrewd or unscrupulous behaviour
• They have recent divorce or family problems.

Now, these are just warning signs. None of them mean that fraud is definitely taking place. But it’s worth noting that, according to the ACFE, “at least one of these seven red flags had been identified before the perpetrator was caught in 76% of all cases.”

When such behaviours are put in the context of real discrepancies, such as accounting problems, missing cash or inventory, or other issues, a picture of fraud can begin to take shape. While most fraud is discovered by accident, having employees who are trained to recognise red flags is no accident and makes your organisation better protected in the long run.

So, now you’ve discovered fraud in your organisation. What happens next?

1. Report it

Depending on your company’s anti-fraud policy, you should follow the proper reporting channels. Many organisations have an anonymous reporting system, such as a hotline or online module, through which they can report suspected fraud without fear of retaliation. Such a system is highly recommended, as it directly results in more fraud tips and helps you uncover bad behaviour sooner, before it’s done the most damage.

2. Begin an investigation

Organisations that don’t have their own anti-fraud professionals on staff should engage an outside firm that specialises in financial investigations whenever fraud is suspected. These experts will review your fraud tip and lead your organisation through the next steps.

3. Gather evidence

Only seasoned experts should engage in an investigation because improper evidence collection can harm the potential to bring a case to court, should it rise to that level. Also, professional fraud investigators have an understanding of privacy laws and know what is and isn’t admissible in terms of gathering evidence in the workplace.

4. Interview witnesses

Part of the evidence-gathering phase, witnesses should be interviewed to draw a clear picture of what has taken place. They should be interviewed individually by anti-fraud professionals, who know how to elicit the information they need to uncover the truth.

5. Contact law enforcement

As the investigation proceeds, if fraud appears to be a proven concern, the employee should be terminated from employment and law enforcement should be informed. Without prosecution, the fraudster will just move on to their next victim.

6. Review and update your anti-fraud controls

How did this fraud happen? Were anti-fraud measures too weak, or were they not properly followed? Now is the time to evaluate risk management and control systems to learn from this case, and prevent the next fraud. Due diligence experts should be engaged to provide an objective, thorough examination of your control systems and make recommendations that will improve your level of protection.

CRI Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI Group to learn more about our fraud investigations today. Get a FREE QUOTE

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.

Filed under: Due Diligence, Employee Background Check, Resources, Third-Party Risk Management by admin
No Comments »

Managing Third-Party Risks: A Checklist

THIRD-PARTY RISK MANAGEMENT CHECKLIST

Third-party risk management checklist. Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organization in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.

Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city hit hard by the pandemic required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged to fill this need potentially.

Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M- dealer. The formerly used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020). Managing Third-Party Risks

The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies must be always on guard for third-party fraud. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organization’s core business model. Every organization can do the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.

THIRD-PARTY RISK MANAGEMENT CHECKLIST EVERY ORGANISATION COULD USE:

1. Identify vulnerabilities

Before evaluating its third-party partners, an organization should look inward and measure its own risk management tools. These include the following:

• Audit and supervision functions
• Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
• Jurisdictional considerations
• Data and IP protection
• Whistleblower policies

2. Conduct due diligence

The organization should engage a risk management process on all current and potential suppliers and contractors. For each third party, the organisation should evaluate the following:

• Business and operations
• Financial condition and reputation
• Experience, culture, vision and business style
• References and government records (including any legal action, bankruptcies, structure changes)
• Background checks (including ownership and key personnel)
• Insurance and certifications

3. Maintain management oversight

Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organization should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organization. Not every company or government organization is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, third-party due diligence can protect organizations year-round from the risk of any of the following serious pitfalls:

• Merging with an international business embroiled in behind-the-scenes legal battles.
• Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
• Partnering with organizations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
• Awarding work to an overseas contractor with absolutely no prior experience
• Affiliating with a contracting company owned by a politician with significant influence on future awards

It is recommended and necessary for many organizations to have a team of professionals guide you through implementing a comprehensive program for third-party risk management. That’s where CRI® Group comes in. We have one of the largest, most experienced and best-trained integrity due to diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI® Group’s due diligence experts are committed to maintaining and constantly evolving our global network.

Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

• What is ISO 31000? Why is this Standard a good idea?
• ISO 31000 framework, why was it revised? And What are the main differences?
• Key Clauses of 31000:2018 and Who is the standard for?
• The process and the link between 31000:20180 and other standards

Getting Started with ISO 31000 Risk Management?

DOWNLOAD ISO 31000 PLAYBOOK NOW

3PRM-Certified™ a third-party compliance verification and certification program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

• Providing third-party risk assessments
• Meeting contracting requirements
• Conducting due diligence
• Identifying potential fraud risks
• Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services utilize one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TPRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, an organization cannot overestimate the consequences of inadequate due diligence.

VIEW 3PRM^TM BROCHURE

Let’s Talk!

Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.

GET A FREE QUOTE NOW

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Due Diligence, Resources, Third-Party Risk Management by admin
No Comments »

Can ISO 37001:2016 prevent bribery?

Since its launch in 2016, ISO 37001 Anti-Bribery Management Systems standard has had its supporters and critics. Some regulatory bodies and compliance communities initially expressed concern regarding the lack of a body of evidence supporting the effectiveness of ISO 37001:2016 from certain standpoints. Critics asserted that the new standard failed to address broad compliance concerns, and questioned whether ISO 37001:2016 certification alone can prevent prosecution. These observations should certainly be weighed and considered, as any new compliance standard must be properly evaluated on its merits. In the case of ISO 37001, however, the critics have made some misjudgments in regards to the key factors they feel are in question with the standard. Can ISO 37001:2016 prevent bribery?

One of the most important things to remember is that a standard like 37001 and all of its measures require a commitment and implementation by the organisation adopting them. ISO 37001 is a standard, administered by a certified body but ultimately implemented by employees of the organisation itself. The purpose of ISO 37001 standard is to provide a framework against which an organisation’s anti-bribery management can be assessed and certified, rather than a foolproof blueprint to prevent bribery.

The story behind ISO 37001:2016

First, some background: The International Organization for Standardization, or ISO, is the international standard-setting body composed of representatives from various national standards organisations. Founded on 23 Feb. 1947, ISO promotes worldwide proprietary, industrial, and commercial standards. Responding to an international need, ISO issued the 37001:2016 Anti-Bribery Management System standard to help businesses, nonprofits and governmental agencies reduce their risk of bribery and corruption by establishing, implementing, maintaining and improving an anti-bribery management system.

The ISO 37001 standard requirement, which references to ISO 19600 – Compliance Management System, specifies mandatory requirements for organisations when establishing/updating their anti-bribery management programs in a manner that is proportionate to the potential bribery risk. The reference to these requirements is referred to as “appropriate” and “reasonable”, hence directing organisations to undertake a subjective, diligent and rigorous review of current compliance framework, which will make ISO 37001 effective for them. According to Deloitte & Touche LLP, “[in ISO 37001:2016] it’s the substance, not the form, of a compliance program that determines its effectiveness”.

Anti-corruption versus broad compliance issues

Some of the concerns regarding the effectiveness of ISO 37001 are focused on whether it addresses broad compliance issues, like inequality, harassment, various types of fraud (outside of bribery and corruption), or similar offences. Seeing that it generally does not, as its focus is on anti-bribery and anti-corruption compliance, some take the view that ISO 37001 has adopted a simplistic approach. The scope of ISO 37001 addresses “establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system,” whether as a stand-alone initiative or part of a broader anti-corruption. Therefore, implementing ISO 37001 standard requirements should be viewed as a way of enhancing, rather than replacing, an organisation’s existing anti-corruption compliance programs.

ISO 37001 is effective step-by-step guidance for those organisations which lack an anti-corruption framework and enables them to implement a compliance program without investing significant time in identifying the regulatory and non-regulatory requirements. In fact, ISO 37001 has incorporated Federal Sentencing Guidelines, U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Resource Guide to the U.S. Foreign Corrupt Practices Act, the U.K. Ministry of Justice Bribery Act 2010 Guidance, and OECD’s Good Practice Guidance on Internal Controls, Ethics and Compliance. Former U.S. Deputy Attorney General Rod Rosenstein highlighted three hallmarks of a policy-effective compliance program, which are concurrent with ISO 37001 requirements and include: fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel has appropriate access to the board.

Prosecution of offences

Lastly, there is a widely held belief that obtaining ISO 37001 certification is an effective tool to avoid prosecution for bribery. These misconceptions have not been viewed favourably insofar as to Ms. Hui Chen, U.S. DOJ’s former compliance counsel, stating “Dan Kahn, the Chief of the FCPA Unit in the Fraud Section of DOJ’s Criminal Division, has been very consistent: prosecutors will not outsource their responsibilities”. Rightly so. ISO 37001 certification does not act as insurance to corporate liability for bribery, neither does it refute the need to perform due diligence, and it should be considered and implemented as per company’s risk profile. In practicality, implementing ISO 37001 can demonstrate to enforcement agencies and regulators that the organisation has taken reasonable steps to establish a compliance program to mitigate bribery risks, however, ISO 37001 certification will mitigate the consequences, if not a shield, an organisation from investigation or prosecution.

ISO 37001:2016 embraced by organisations and governments

It is important to note that organisations and governments alike are embracing ISO 37001 as the standard for prevention and detection. One example of this is in Malaysia, where the ISO 37001 standard was adopted across the government under Prime Minister Tun Dr Mahathir Mohamad. The new system has been received positively in both the public and private sectors, and Malaysia’s former anti-graft chief said “the people’s perception on the government’s seriousness to fight corruption had increased to 70.8 per cent last year from 59.8 per cent in 2016. He said that Malaysia has also shown improvement in its performance indicators in several important international studies and indexes” (New Straits Times, 2019). True to form, various heads of government in the country are following the directive. Defence Minister Mohamed Sabu recently “cautioned his officers to adhere to the Anti-Bribery Management System, which had attained the International Standards Organisation’s ISO 37001: 2016 certification” (New Straits Times, 2019).

Malaysia is not alone. In Peru, Singapore, and China (Shenzhen Institute of Standards and Technology [SIST]), the national standard bodies have adopted and localised the ISO 37001 standard. In Italy, the ISO 37001 accreditation scheme has been developed by Accredia; whereas in the UK, United Kingdom Accreditation Service (UKAS) has undertaken an ISO 37001 pilot program to develop an accreditation scheme. In the United Arab Emirates, Emirates International Accreditation Centre (EIAC) is undertaking the ISO 37001 accreditation scheme development with CRI® Group’s ABAC® Center of Excellence. ABAC® is an initiative launched by CRI® Group and offers ISO 37001 certification services. Hence, amid these positive developments, the outlook for ISO 37001 looks promising. ISO 37001 is not a “silver bullet” to foolproof an organisation from bribery or corruption, or avoid prosecution should those offences occur. It was never designed to be. Instead, it is a framework to implement the necessary controls and systems at the organisation level – across all levels – so as to be better equipped to prevent bribery and corruption moving forward.

CRI® Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you’ve uncovered fraud, that’s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI® Group to learn more about our fraud investigations today. Get a FREE QUOTE

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, Due Diligence, ISO 37001, Resources by admin
No Comments »

1 in 3 Furloughed UK Employees Pressured to Work

The COVID-19 pandemic has been a major crisis for businesses and employees around the world. To make matters worse, some unscrupulous employers in the UK have abused the Coronavirus Job Retention Scheme by engaging in furlough fraud. They do this by accepting taxpayer money designed to help them pay salaries for furloughed workers, who are essentially “deactivated” to due to loss of business and quarantine – yet they pressure them to work (or they accept furlough benefits without the employees’ knowledge).

The system is designed to keep companies from laying off employees during such a time of crisis. Unfortunately, a crisis can also present the opportunity to commit fraud. In this case, pressuring employees to work despite being furloughed is an abuse of the system and a violation of the law. Employers who do this are gaming the system and taking advantage of employee labour, with taxpayers footing up to 80 percent of the bill (their salary).

How big is the problem? According to a recent study, more than one in three employees on furlough in the UK are currently under pressure to continue working while on furlough (Express UK, 2020). This shocking statistic has demonstrated that the issue of abuse in the furlough system is not an isolated affair, but appears to be widespread. So much so that HM Revenues and Customs is actually offering a 30-day amnesty period for employers to “admit to deliberate non-compliance of furloughing rules” (Yahoo UK, 2020). More than 1,900 calls have been logged to the furlough fraud hotline, and companies face penalties with new legislation on the way to punish violations.

What does furlough fraud look like? Here are some of the ways that employers are abusing the system.

1. Furloughed employees are pressured to work

A survey showed that 27 percent of furloughed employees were asked to send and respond to emails, and 17 percent were asked to make phone calls. Furlough workers by law are not expected to be actively engaging in any work for the employer while furloughed.

2. They are asked to come to the workplace

Rather than being asked to work from home (which is still against the rules), 12 percent of furloughed employees report being pressured to physically attend their workplace.

3. Employees are encouraged to “volunteer”

A reported 11 percent of furloughed employees are being pressured to continuing working for their employer as a “volunteer,” which is against the law.

4. Some employee don’t even know they are furloughed

In certain cases, employers have claimed furlough on their employees’ behalf, without their knowledge, while they continue working.

In their efforts to eradicate corruption, Parliament is pushing through new draft legislation that is expected to become law in July as part of the Finance Bill 2020. Dawn Register, partner in tax dispute resolution at BDO, told Personnel Today: “It is clear that HMRC is now gearing up to tackle incorrect and fraudulent claims for Covid-19 support payments. Latest government statistics show the eye-watering numbers paid out and why HMRC resources will focus on this potential new area of fraud” (Personnel Today, 2020).

The problem of furlough fraud illustrates the danger at companies that don’t adhere to a strict ethical code of conduct. By contrast, a proper tone at the top that helps discourage fraud and corruption would make it just as difficult and unacceptable to flout furlough laws as it would be to, say, engage in bribery, or cook its books. Unfortunately, many entities in the UK will likely learn the hard way when investigations and penalties bring them into compliance at a high cost. Legislators have signalled that both criminal and civil penalties will be on the table for those companies found to be abusing the system.

At CRI® Group, our experts are focused on anti-corruption methods and help implement proper anti-fraud processes that prevent problems like furlough fraud. Our due diligence processes can also detect when such fraudulent acts are being undertaken without the knowledge of ownership or directors. Let us show you ways to detect and prevent fraud at every level, and build a corporate culture that’s based on compliance and ethics.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Automotive, Aviation, COVID-19 Insights, Due Diligence, Finance & Professional services Industry, Insurance, IT & Telecommunications, Oil, Gas & Energy, Property, Resources by admin
No Comments »

Brexit poses bribery challenges but ISO 37001 provides solutions

While the United Kingdom has positioned itself as a leader in the fight against fraud and corruption, the shifting economic conditions surrounding Brexit have raised uncertainty and vulnerability. As some organisations are forced to forge new trade deals outside of already established European Union (EU) relationships, some experts warn that there will be more exposure to corrupt markets. This new wrinkle comes nine years after passage of the Bribery Act 2010, which marked a major salvo in the war against bribery and corruption. The Bribery Act enhanced existing British law against corruption and placed a new level of responsibility squarely at the feet of organisations. It requires organisations to demonstrate anti-bribery procedures and controls, while also providing strict penalties for breaches of anti-bribery laws. The takeaway for UK companies is that they need to take action now. With Brexit posing challenges through new, untested trade deals in various markets, organisations need ISO 37001 – Anti-Bribery Management Systems standard as a comprehensive approach to mitigating risk. ISO 37001 include adopting an anti-bribery policy, including anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. It also calls for implementing financial and commercial controls, and instituting reporting and investigation procedures.

The Persistence of Bribery and Corruption

Worldwide, bribery and corruption are still massive problems. Global anti-fraud watchdog Transparency International states that “only 11 major exporting countries – accounting for about a third of world exports – have active or moderate law enforcement against companies bribing abroad in order to gain mining rights, contracts for major construction projects, purchases of planes and other deals”. Great Britain is certainly one of those countries actively enforcing against bribery, and the UK Bribery Act placed it within the leading edge of the fight against bribery and corruption. Even still, Great Britain fell three places in Transparency International’s 2018 Corruption Perceptions Index (released in 2019). The country slipped from 8^th place to 11^th. The drop is seen by some as an embarrassment for a government that takes a hard line against corruption, and faces new challenges posed by a post-Brexit future.

Rolls-Royce Agrees to Massive Fines

Recent high-profile bribery and corruption scandals demonstrate how pervasive the problem is. Among them, a scandal involving British engineering giant Rolls-Royce led to the corporation agreeing to pay £671m to settle corruption cases with UK and U.S. authorities (£497m plus costs earmarked for the UK Serious Fraud Office, which conducted its biggest ever investigation into the firm). The SFO found conspiracy to corrupt or failure to prevent bribery by Rolls-Royce in China, India, Russia, Thailand, Malaysia, and other markets. The firm apologised “unreservedly” for the cases spanning nearly 25 years.

The wrongdoing involved Rolls-Royce’s “intermediaries”, which are local companies that handle sales, distribution and maintenance in countries where the British firm does not have enough people on the ground. Thirty-eight employees have faced disciplinary proceedings. Eleven left the firm during the disciplinary process. Six were dismissed. Rolls-Royce has also reviewed 250 intermediary relationships across the company – 88 have now been suspended.

Recently, the Serious Fraud Office says it ended its investigation but only after Rolls-Royce entered the deferred prosecution agreement and accepted responsibility “for corrupt conduct spanning three decades, seven jurisdictions and three businesses, for which it paid a fine of £497.25m”, according to SFO director Lisa Osofsky.

Cadbury Limited Pays for FCPA Violations

In another recent case, British confectionary company Cadbury Limited and its owner, Mondel?z International, Inc., agreed to pay $13 million to settle charges of violating the internal controls and books-and-records provisions of the FCPA. According to the order from the U.S. Securities and Exchange Commission (SEC), the FCPA violations arose from payments their subsidiary in India made to a consultant to obtain government licenses and approvals for a chocolate factory in Baddi, India.

An SEC investigation found that in February 2010, Mondel?z, formerly known as Kraft Foods, Inc., acquired Cadbury and its subsidiaries, including Cadbury India Limited, which manufactures and sells chocolate products in India. Cadbury India retained and made payments to an agent to interact with Indian government officials to obtain licenses and approvals for a chocolate factory in Baddi, India. Cadbury India failed to conduct appropriate due diligence on, and monitor the activities of, the agent.

From February 2010 to July 2010, the agent submitted five invoices to Cadbury India for, among other things, preparing license applications. Cadbury India employees at Baddi, not the agent, prepared these license applications. Cadbury India paid the agent a total of $90,666 (after withholding tax) upon receipt of the invoices. After receiving each payment, the agent withdrew from its bank account most of the funds in cash. During this time period, Cadbury India obtained some of the licenses and approvals. Without admitting or denying the findings, Cadbury and Mondel?z agreed to a cease-and-desist order and payment of a $13 million civil penalty.

The Bribery Act 2010 and UK Anti-Corruption Strategy 2017-2022

Passage of the Bribery Act 2010 in the UK marked a major milestone in the effort to prevent, detect, and prosecute bribery and corruption. Building off of existing British law and other international legislation like the U.S. Foreign Corrupt Practices Act (FCPA), the Bribery Act 2010 created a new offence which can be committed by commercial organisations that fail to prevent persons associated with them from bribing another person on their behalf. In turn, an organisation that can demonstrate having adequate procedures in place to prevent persons associated with it from committing bribery have a defence to the section 7 offence. In 2018, eight years after passage of the UK Bribery Act, the total number of SFO investigations was “believed to be in region of 70-75,” with “dozens” of bribery and corruption cases in the investigative pipeline.

In 2017, the HM Government (formerly Her Majesty’s Government) released its first UK Anti-Corruption Strategy 2017-2022 to provide a framework to guide government policy and action against corruption. The strategy aims to reduce threats to national security, protect the economy and foster business opportunities (especially for British businesses) and build public trust and confidence. It also sets out six clear priorities for the British Parliament: (1) reduce the insider threat in high-risk domestic sectors such as borders and ports; (2) strengthen the integrity of the UK as an international financial centre; (3) promote integrity across the public and private sectors; (4) reduce corruption in public procurement and grants; (5) improve the business environment globally; (6) work with other countries to combat corruption. The strategy’s emphasis on transparency, risk mitigation and compliance should serve as a strong indication that organisations are expected to be held to a higher standard if they are based or do business in the UK.

This is why it is of such critical importance that organisations doing business from the UK, or through/across its borders, have credentialed and tested processes like the ISO 37001 Anti-Bribery Management System Standard in place. Switzerland-based International Organization for Standardization issued the 37001 Anti-Bribery Management System Standard in 2016 to help organisations worldwide increase and measure their efforts against bribery and corruption. The standard will be discussed in depth later in this article.

Brexit and the Potential for Increased Bribery

With the UK leaving the European Union, the debate and protests have mostly been political in nature. A major concern, however, that is only recently being discussed is the potential business impact regarding bribery and corruption. In particular, the UK’s National Crime Agency (NCA) has warned that the UK’s exit from the EU will impact the prevalence of bribery and corruption over the next five years, as UK companies potentially come into greater contact with corrupt markets. In addition, there is a report so secret that it has not been made public, according to an article in the Independent that quotes NCA Director-general Lynne Owens as saying that “We produce an ‘official sensitive’ and ‘top secret’ report that would go into the detail of where and what we are concerned about”. For watchdogs on bribery and corruption, such a statement is ominous, at best.

It’s worth noting that some Brexiters see the departure from the EU as an opportunity to cut red tape, which could further the regulation problem. Brexit could prompt the UK to strike trade deals with countries that have a heightened corruption risk. To embrace a reduction of “red tape” in favour of lax controls, however, would be a monumental mistake – with the Bribery Act 2010 still in full force, along with SEC enforcement of FCPA provisions. In fact, having anti-bribery standard implemented will now be more important than ever, as the SFO and other enforcement bodies will likely be scrutinising new trade deals more than ever in a new post-Brexit landscape.

ISO 37001 Anti-Bribery Management Standard

It is in this environment that ISO 37001 ABMS becomes a critical centrepiece for any organisation’s ABMS systems. Accredited providers of ISO 37001 such as ABAC (Anti-Bribery and Anti-Corruption) Center of Excellence, a global network of certified ethics and compliance professionals, qualified auditors, financial and corporate investigators, certified fraud examiners, forensic analysts and accountants, can be used as a tool for organisations to prevent bribery and corruption. ABAC Certification is an accredited provider of ISO 37001 ABMS Certification and Training for organisations of all types and industries.

The ISO 37001 standard specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. ISO 37001 addresses the following in relation to the organisation’s activities:

• Bribery in the public, private and not-for-profit sectors
• Bribery by the organisation
• Bribery by the organisation’s personnel acting on the organisation’s behalf or for its benefit
• Bribery by the organisation’s business associates acting on the organisation’s behalf or for its benefit
• Bribery of the organisation
• Bribery of the organisation’s personnel in relation to the organisation’s activities
• Bribery of the organisation’s business associates in relation to the organisation’s activities
• Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)

When administered by an accredited provider of ISO ABMS certification and training, the protocol can:

• Help an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
• Potentially reduce corporate insurance premiums
• Provide customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
• Provide a competitive edge over non-certified organisations the organisation’s industry or niche
• Provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

The ISO 37001 process helps companies and government organisations reduce the risk of bribery by establishing, implementing, maintaining and enhancing internal anti-bribery and anti-corruption systems. ISO ABMS certification is a mitigating piece of evidence to regulators or even prosecutors and the courts that the entity has taken meaningful steps in its efforts to prevent bribery and corruption.

Conclusion

With the UK moving from the EU to a post-Brexit world, the time is now for organisations to protect their investments, their reputations and their business. The Bribery Act 2010 puts an emphasis on proactive prevention and compliance. The SFO and other enforcement bodies will almost certainly respond to guidance that warns of a post-Brexit potential for increased bribery and corruption. The result will be increased scrutiny and a likely no-tolerance approach for breaches. As such, UK corporations and their overseas partners should stand ready to demonstrate their implementation of internal processes, policies and controls to prevent and detect bribery and corruption and remain in compliance.

The ISO 37001 ABMS standard is established, tried and tested program that addresses those issues head-on through a comprehensive program of training and certification. The training process is tailored to the organisation, while still following the developed curriculum and documented best practices. Certification requires demonstrating that processes have been implemented effectively, with follow-up evaluations. The shift to a post-Brexit economy is the perfect opportunity to implement ISO 37001 standards – no reputable board of directors or governors should question the timing and importance of taking this step. It’s a matter of safeguarding the organisation, its reputation, and its future.

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

CRI Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services. In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. Contact ABAC® for more on ISO Certification and training.[/vc_column_text][accordion_father caption_url=””][accordion_son title=”Meet our CEO” clr=”#ffffff” bgclr=”#1e73be”]ABOUT THE AUTHOR

Zafar I. Anjum is Group Chief Executive Officer of CRI Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.[/accordion_son][accordion_son title=”Sources & Credits” clr=”#ffffff” bgclr=”#1e73be”]

1. “Exporting Corruption”, Transparency International, 2018, < https://www.transparency.org/news/feature/exporting-corruption-2018> (accessed 18 Aug. 2019)
2. “Corruption Perceptions Index 2018”, Transparency International, 2019, < https://www.transparency.org/cpi2018> (accessed 18 Aug. 2019)

3. Caroline Binham, “UK drops out of top 10 in global anti-corruption rankings”, Financial Times, 28 Jan. 2019, < https://www.ft.com/content/8d1a2474-224e-11e9-b329-c7e6ceb5ffdf> (accessed 17 Aug. 2019)

4. Holly Watt, David Pegg, Rob Evans, “Rolls-Royce apologises in court after settling bribery case”, The Guardian, 17 Jan. 2017 < https://www.theguardian.com/business/2017/jan/17/rolls-royce-apologises-bribery-671m-uk-us-brazil > (accessed 18 Aug. 2019)

5. “Rolls-Royce apologises after £671m bribery settlement”, BBC News, 18 Jan. 2017, < https://www.bbc.co.uk/news/business-38644114 > (accessed 30 Aug. 2019)

6. “SFO drops investigations into Rolls-Royce and GSK”, BBC News, 22 Feb. 2019, < https://www.bbc.com/news/business-47330580 > (accessed 18 Aug. 2019)

7. Richard L. Cassin, “2017 FCPA Enforcement Index”, The FCPA Blog, 2 Jan. 2018, < https://www.fcpablog.com/blog/2018/1/2/2017-fcpa-enforcement-index.html > (accessed 19 Aug. 2019)

8. “ADMINISTRATIVE PROCEEDING File No. 3-17759”, SEC.GOV, < https://www.sec.gov/litigation/admin/2017/34-79753-s.pdf > (accessed 19 Aug. 2019)

9. “Bribery Act 2010 guidance”, GOV.UK, 11 Feb. 2012, < https://www.gov.uk/government/publications/bribery-act-2010-guidance > (accessed 18 Aug. 2019)

10. Lizzie Dearden, “Brexit could push UK companies into ‘greater contact with corrupt markets’ if EU trade deals lost”, The Independent, 14 May 2019, < https://www.independent.co.uk/news/uk/politics/brexit-uk-business-corrupt-markets-trade-deal-a8914016.html > (accessed 18 Aug. 2019)

11. Caroline Binham, “UK drops out of top 10 in global anti-corruption rankings”, Financial Times, 28 Jan. 2019, < https://www.ft.com/content/8d1a2474-224e-11e9-b329-c7e6ceb5ffdf> (accessed 17 Aug. 2019)

12. “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org, < https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)

[/accordion_son][accordion_son title=”Sources & Credits” clr=”#ffffff” bgclr=”#1e73be”]

1. “Exporting Corruption”, Transparency International, 2018, < https://www.transparency.org/news/feature/exporting-corruption-2018> (accessed 18 Aug. 2019)
2. “Corruption Perceptions Index 2018”, Transparency International, 2019, < https://www.transparency.org/cpi2018> (accessed 18 Aug. 2019)

3. Caroline Binham, “UK drops out of top 10 in global anti-corruption rankings”, Financial Times, 28 Jan. 2019, < https://www.ft.com/content/8d1a2474-224e-11e9-b329-c7e6ceb5ffdf> (accessed 17 Aug. 2019)

4. Holly Watt, David Pegg, Rob Evans, “Rolls-Royce apologises in court after settling bribery case”, The Guardian, 17 Jan. 2017 < https://www.theguardian.com/business/2017/jan/17/rolls-royce-apologises-bribery-671m-uk-us-brazil > (accessed 18 Aug. 2019)

5. “Rolls-Royce apologises after £671m bribery settlement”, BBC News, 18 Jan. 2017, < https://www.bbc.co.uk/news/business-38644114 > (accessed 30 Aug. 2019)

6. “SFO drops investigations into Rolls-Royce and GSK”, BBC News, 22 Feb. 2019, < https://www.bbc.com/news/business-47330580 > (accessed 18 Aug. 2019)

7. Richard L. Cassin, “2017 FCPA Enforcement Index”, The FCPA Blog, 2 Jan. 2018, < https://www.fcpablog.com/blog/2018/1/2/2017-fcpa-enforcement-index.html > (accessed 19 Aug. 2019)

8. “ADMINISTRATIVE PROCEEDING File No. 3-17759”, SEC.GOV, < https://www.sec.gov/litigation/admin/2017/34-79753-s.pdf > (accessed 19 Aug. 2019)

9. “Bribery Act 2010 guidance”, GOV.UK, 11 Feb. 2012, < https://www.gov.uk/government/publications/bribery-act-2010-guidance > (accessed 18 Aug. 2019)

10. Lizzie Dearden, “Brexit could push UK companies into ‘greater contact with corrupt markets’ if EU trade deals lost”, The Independent, 14 May 2019, < https://www.independent.co.uk/news/uk/politics/brexit-uk-business-corrupt-markets-trade-deal-a8914016.html > (accessed 18 Aug. 2019)

11. Caroline Binham, “UK drops out of top 10 in global anti-corruption rankings”, Financial Times, 28 Jan. 2019, < https://www.ft.com/content/8d1a2474-224e-11e9-b329-c7e6ceb5ffdf> (accessed 17 Aug. 2019)

12. “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org, < https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)

[/accordion_son][/accordion_father][/vc_column][/vc_row]

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »

Your company’s security begins at the hiring process

Your company’s security begins at the hiring process

It’s an exciting time for a company when business is growing and there is a need add more employees and start a hiring process. One organisation that was in such a position sought to make sure they were being diligent while hiring new staff. To that end, they engaged CRI® Group’s EmploySmart^TM services, providing thorough and extensive pre-employment background screening in verifying prospective candidates’ experience and credentials. What happened next is eye-opening for any business leader.

CRI® Group’s agents uncovered disturbing details regarding one of the applicants. When CRI® Group contacted this individual’s former employers, one of them reported that the applicant had been hired without any prior experience, was trained for a couple of months, and then terminated due to committing cash embezzlement as well as participating in harassment and workplace violence. In other words, he was an employer’s nightmare!

Further checks revealed more problems at other organisations – CRI® Group discovered that the individual had been terminated from a second position after causing a financial loss at the company. By using EmploySmart^TM, the client dodged a major bullet and avoided hiring someone who could have done serious damage, both financially and to the company culture.

What you don’t know can hurt you

A dishonest employee could be unqualified for the position, possibly endangering others on the job. Or they might be a fraud risk, willing to bend the truth in other ways in order to enrich or advance themselves on your dime.

At CRI® Group, our EmploySmart^TM pre-employment background screening process analyses a job candidate’s claims and credentials, and digs beyond the surface to make sure the facts match up. Our experts conduct extensive checks that examine all of the following details of a potential employee:

• Verification of address
• Verify name and date-of-birth
• National ID number
• Credit checks
• Previous employment verification
• Credentials verification
• Bankruptcy checks
• Civil litigation checks
• Criminal history
• Record checks
• Professional qualifications and memberships
• Criminal background checks
• … and more.

Resume fraud: More common than you think

In another case study, CRI® Group’s investigators conducted background screenings of employees who were working for a multinational organisation operating in Pakistan. While verifying education credentials is just one of the aspects of the EmploySmart^TM process, the investigators immediately noticed red flags and initiated detailed checks of the education degrees claimed by the subjects.

In this case, CRI® Group screened 18 degrees claimed from a single university. By contacting the university and conducting an examination of documents and records, CRI® Group found an astounding 5 of them (27.7 percent) to be fake and/or forged. As it turns out, the following are some of the most common areas of resume fraud:

• Stretching dates of employment
• Inflating past accomplishments & skills
• Enhancing job titles & responsibilities
• Education exaggeration & fabricating degrees
• Unexplained gaps & periods of “self employment”
• Omitting past employment
• Faking credentials
• Fabricating reasons for leaving previous job
• Providing fraudulent references
• Misrepresenting military record

Resume fraud is a widespread problem for employers in every industry, and at any size company. It’s persistent and sometimes even careful examination of a resume won’t immediately reveal red flags or problems. The only way to properly vet job candidates is to screen them with a thorough pre-employment background screening process.

 Hiring process is Trusting, but verifying

No organisation can afford to have employees on staff who aren’t what they claim to be. Even a seemingly innocent embellishment can indicate more background problems under the surface, and the potential for future problems down the road.

Every business leader should embrace the need to EmploySmart^TM. Your greatest resource is your employees. Make sure they are who they say they are, and that you only hire the best.

Take a proactive stance with the highest level of Employee Background Screening as a part of your essential business strategy.  Contact us today to learn more about our full range of services to help your organisation stay protected. Get a FREE QUOTE

CRI® Group has safeguarded businesses from any risks, providing investigations (i.e. insurance fraud), employee background screening, investigative due diligence, business intelligence,  third-party risk management, forensic accounting, compliance and other professional investigative research services.

Filed under: Background Investigation, Due Diligence, Employee Background Check, Resources by admin
No Comments »

Anti-Bribery Compliance Programs in EMEA Countries

Preventing bribery and corruption is a global effort that crosses international borders…

Preventing bribery and corruption is a global effort that crosses international borders. In just the past few years, many governments have enacted more laws and regulations to reflect that reality. European, Middle Eastern and African (EMEA) countries are no exception – in many ways, they are at the forefront of this new anti-bribery and anti-corruption landscape and compliance program development. This critical shift from bygone years of sweeping unethical business behaviour under the rug to creating strict enforcement measures is well overdue. The sometimes overlapping nature of these laws and varying rules based upon their jurisdictions can pose challenges to compliance officers, however. Not to mention that the “letter of the law” sometimes lends to different interpretations depending on the local politics of the day.

When organisations do uncover wrongdoing, their leadership must be careful to understand that the wrong approach to investigation might get them into trouble: employee privacy protections are higher in some European nations, for example, potentially affecting a company’s ability to monitor employee behaviour and investigate wrongdoing.

The article will discuss some of the new laws and regulations that have been enacted (or are still emerging) in various EMEA countries, and provide a perspective on managing compliance standards across varying jurisdictions. The new wave of anti-bribery and anti-corruption controls is a good thing for the economy and for protecting investments worldwide. Business leaders must just be sure not to get caught by the tide.

Europe: Leading the Charge

In most European countries today, it can be very costly to be caught breaking bribery laws. Most laws call for stiff fines. The UK largely ushered in this landscape with the introduction of the UK Bribery Act 2010. Under this groundbreaking law, individuals or businesses may face up to 10 years in prison or unlimited fines. “The UK Bribery Act imposes more severe penalties and is broader in scope than the FCPA, covering bribes to private parties as well to foreign officials. The UK Bribery Act also prohibits being bribed, not just giving bribes. Because of the close ties between the United States and the United Kingdom, US businesses should pay special attention to all forms of potential bribery abroad, regardless of jurisdictional technicalities.” (Everfi, 2020).

Click here to read the full article.

Other Anti-Bribery and Compliance resources from our independent certification body ABAC®:

• Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organization’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks.
• Bribery and corruption plague Middle East, how can ISO 37001 help? Read more here or download the free e-book now to know more about ABAC solutions in the Middle East.
• Are you ready for ISO 37001? Download our free e-book: The latest global anti-bribery standards redefine a framework for corporate compliance, and find out more!

Let’s Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

Don’t leave hiring to chance. Take a proactive stance with the highest level of background screening as a part of your essential corporate strategy. Contact us today to learn more about our full range of services to help your organization stay protected.

Get a FREE QUOTE

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Anti-Bribery Anti-Corruption Solution, Compliance Solution, ISO 37001, Resources by admin
No Comments »

Wal-Mart: a professional TPRM implementation would have avoided this situation.

Lack of TPRM strategy can be an expensive reminder of how important is it to balance the risks and benefits of using third parties to deliver business services.

On June 20, 2019, Walmart Inc global retail corporation, settled a long-running corruption investigation by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) to resolve a long-running U.S. bribery investigation into allegations of bribery by its employees. 

According to the agreed-upon statement of facts in the DOJ settlement documents, as well as allegations in the SEC administrative order, from 2000 until 2011, despite the fact that certain Walmart personnel responsible for implementing and maintaining the Company’s internal accounting controls related to anti-corruption were aware of certain controls failures, including failures related to potentially improper payments to government officials by certain Walmart foreign subsidiaries, Walmart failed to implement appropriate internal controls to prevent such improper payments.

The DOJ alleged that Walmart failed to do the following:

1. Conduct sufficient anti-corruption due diligence on third-party intermediaries (“TPIs”) who interacted with foreign officials;
2. Implement appropriate controls related to payments to TPIs; 
3. Require proof of services before paying TPIs; 
4. Require that TPIs had written contracts with anti-corruption compliance provisions; 
5. Ensure that donations ostensibly made to foreign government agencies were not converted to personal use by foreign officials; and
6. Implement appropriate policies covering gifts, travel and entertainment for foreign officials.

With a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges, the deal could have easily been avoided with a professional due diligence implementation.

The Arkansas-based global retail corporation settled a long-running corruption investigation by the U.S. Department of Justice (the “DOJ”) and the Securities and Exchange Commission (the “SEC”) (collectively the “Government”), with the Company paying a total of $282 million in penalties and disgorgement and its Brazilian subsidiary pleading guilty to criminal charges.

Expensive Reminder About the Importance of Due diligence

What is due diligence?

Due diligence is understood as the reasonable steps taken to satisfy legal requirements in the conduct of business relations. An Integrity Due Diligence allows you to reduce risks arising from the FCPA (Foreign Corrupt Practices Act) and the UKBA (U.K. Bribery Act), make informed decisions, and pursue takeovers or mergers confidently. In the business world, due diligence refers to the organisation’s investigation and steps to satisfy all legal requirements before buying or selling products and services or entering into a contract or a financial arrangement with another party.

Unlike other kinds of control (audits, market analysis, etc.), it must be independent and rely as little as possible upon information provided by the researched subject. The other significant difference lies in the methodology: commercial or financial due diligence analyses available information, Investigative Due Diligence provides reliable and pertinent, but raw, information.

When conducting investigative due diligence, you can identify key risks; it can enhance your knowledge and understanding of the customer, supplier, employee and third-party risk, helping you avoid any compliance. 

Protect your reputation and the risk of financial damage and regulator action using our detailed reports. 

Types of transactions

Professionals can be hired to conduct investigations or audits of business deals involving a variety of transactions, such as:

• merger & acquisition;
• potential investment in securities;
• real estate transaction;
• business purchase or sale; and
• investment in a new product or technology, and so on.

Types of investigations

The standard types of investigations that are conducted include:

• Conflict of interest investigation;
• Review of financial records;
• Confirmation of financials with a bank or other financial institution;
• Credit checks from credit reporting companies (such as Equifax);
• Property title checks obtained from a trusted source (e.g. land titles office or your lawyer); and
• Confirmation of corporate status, directors, officers, and shareholders (if applicable).

How can a professional fraud investigator help?

• review client documentation and information to identify red flags of fraud;
• conduct standard public record searches on the people or issues identified;
• conduct covert and overt interviews and gather intelligence utilising other covert and overt methods; and
• after an initial investigation is completed, request that their clients meet with the proposed parties to the transaction to gauge their credibility against the information that the investigator has found about them.

How CRI® can help

We enable businesses to make better decisions about the third parties they choose to work with. We help you make better decisions faster. We examine risk from every angle so you can make better-informed decisions. And we provide you with the insights you need to identify the partners who will create better long-term value for your business.

Third-party risk management services brochure

Filed under: All Industries, All Regions, Business Intelligence, Due Diligence, Resources, Third-Party Risk Management by admin
No Comments »

COVID-19: Top risk management concerns

A global crisis calls for a fresh due diligence and risk management review of your company’s third-party partnerships

The worldwide coronavirus pandemic has disrupted life in just about every word, from personal health concerns and social distancing to shelter-in-place mandates and business closures. But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future make business leaders lose a lot of sleep these days.

An added element that global organisations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it’s vitally important to be continually vigilant in how the crisis affects your third-party suppliers and how those supply chain partners behave and maintain legitimacy in these uncertain times.

The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of PPE (Personal Protective Equipment) has forced many organisations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what’s needed. This panic buying has led to unscrupulous manufacturers producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering amid crisis and confusion.

The pandemic has thrown many other industries into complete disarray, which will naturally open the doors for opportunists to do what’s necessary to take advantage of the situation. And suppose your organisation happens to be affiliated with these bad actors. In that case, the long-term effects can be potentially devastating, affecting the organisation’s reputation, and resulting in untrusting customers, lost business, loss of market value, decreased share price, litigation, and any number of regulatory penalties.

Crisis Situations Require Enhanced Due Diligence

A Third-Party Risk Management Program is not a passive process. It requires time and effort, and, as we’ve witnessed during the present global crisis, the risks associated with Third-Party partnerships are continually evolving. Those outside risks can be found on many operational levels, from a supplier’s present working conditions and the protection of customer data to safeguarding the company’s intellectual property and suspicious changes in pricing and payment terms, among others. Here are several items to consider in re-evaluating the company’s relationship with Third-Party partners during this critical period:

• Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor?
• Remote Workers – Is the supplier’s staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?
• Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?
• Information Sharing – Has the supplier addressed intellectual property protection concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls?
• Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?
• Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?
• Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates?
• Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic?

Remember, your organisation is only as safe as the least protected component of your Third-Party supplier network. It’s vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis.

The Need for Leadership in These Challenging Times

Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organisation where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organisations that practice effective risk management, passive engagement in times of crisis is not enough.

The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include:

1. Are our suppliers equipped to protect our sensitive information against today’s risks?
2. How sophisticated are our cloud and social media security?
3. Are our suppliers capable of adapting to regulatory compliance changes?
4. Are proper redundancies in place to ensure our information is protected against disaster?
5. Will we be prepared if one of our suppliers unexpectedly shut down a line or closed its doors?
6. Do we have the adequate tools to vet new or replacement suppliers properly?
7. Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?
8. Do we have a set methodology for addressing incidents involving our suppliers?
9. Do we maintain an accurate and complete interactive inventory of our suppliers?
10. Can we identify warning signs with suppliers?
11. Do we have a well-communicated reporting process?

The coronavirus pandemic has created crisis and uncertainty that we’ve never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the organisation’s long-term interests and protect it from an increasing number of outside risks.

Let’s Talk!

If you have any further questions or are interested in implementing compliance solutions, please contact us.

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- Guidelines, ISO 37000:2021 Governance of Organisations, ISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management system, Anti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.

ABOUT THE AUTHOR

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

t: +44 207 8681415 | m: +44 7588 454959 |e: zanjum@crigroup.com

Filed under: COVID-19 Insights, Due Diligence, Leadership Insights, Resources, Third-Party Risk Management by admin
No Comments »

10 top business risks

Sometimes business owners or management have an outsized sense of business risks for a particular threat. For example, some companies place extreme emphasis on guarding their intellectual property (IP), when in actuality the incidence of IP theft for their industry might be low. Other times, however, their priorities are firmly in line with the threat posed by the risk. According to a recent study, this is exactly the case when it comes to leaks of internal information, data theft, and reputational damage due to third-party relationships (Global Fraud Risk Report 2019/20).

This report is based on a survey of 588 senior executives from 13 countries and regions and 10 industries. It provides valuable insight into what types of threats are keeping business leaders awake at night. “The broadening of the risk landscape is visible in the types of significant incidents our survey respondents report experiencing in the last 12 months and in the priority levels they assign to various risk mitigations,” the report states. “The most frequently cited incident is leaks of internal information, reported by 39 percent. But this perennial challenge now coexists with risks from relatively recent threats, such as data theft, and even newer threats, such as adversarial social media activity.”

Business information leaks occur when confidential information is revealed to unauthorized persons or parties. This happens with alarming frequency, as recent news stories illustrate. Headlines include “Stunning iPhone 12 video shows Apple’s leaked prototype design with no notch” (BGR, 2020); “New Leaks Show Business and Politics Behind Tiktok Content Management” (China Digital Times, 2020); “DOJ charges Defense Intelligence Agency employee for leaking highly classified information to the media” (Business Insider, 2019). There can be direct and/or indirect negative repercussions from an information leak at your business. It can affect product rollouts, or give you a disadvantage in a competitive market; among other effects. At CRI Group, our experts work with companies to develop policies that provide zero-tolerance for information leaks, and put controls in place (such as secure communications and data systems) to prevent such leaks from occurring in the first place.

Data theft

Perhaps the fastest-growing scourge of businesses since the beginning of this century. Massive data breaches have cause major distrust among consumers worldwide, and have led directly to identity theft and financial crimes such as theft of credit, illegitimate loans and other schemes. Data theft involves stealing computer-based information from an unknowing victim, usually a company with a large customer or client base. This usually results in the sale or sharing or private information. Most recently, a data breach reportedly exposed more than 200 million Americans: “Data Breach Exposes 200 million Americans: What You Need To Know” (Screen Rant, 2020). In another case, a major cruise operator saw its customers’ information exposed: “Norwegian Cruise Line Suffers Data Breach” (infosecurity, 2020).

For any company that is entrusted with customers’ or members’ private information, especially personally identifying information (PII), data theft can be a devastating crime. Beyond lawsuits and financial damage caused by such a disaster, rebuilding the company’s reputation (and earning back customers’ trust) is an uphill battle that might take years or more. That’s why CRI Group recommends that every business, regardless of size or industry, make protecting customer data one of its highest priorities. Today, leading technology can help make data more secure. But even the most secure system is dependent upon a properly trained workforce that follows all of the protocols to achieve effective data protection.

Reputational damage due to third-party relationship

Another serious business risk to any organisation that partners with other companies, suppliers or contractors. Even worse, they can be completely outside of your control. Here are examples of some of the risks: A business partner is embroiled in behind-the-scenes legal battles; a supplier makes procurement decisions involving the inappropriate influence of government officials who receive kickbacks; a partner falsely claims to have experience in an industry, and cannot deliver on its contractual promises. CRI Group’s integrity due diligence experts have helped clients avoid those very scenarios. Our investigators employ a proven, multi-faceted research approach which involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research.

As the report states, “The last decade has seen cybercrime evolve from an IT issue to a boardroom concern, mirroring the digital transformation of the global economy on the macro level and of business operations on the micro level. The more the business world integrates digital elements, the more likely it is that computer systems have or will become a pathway for crime.” Now, more than ever, it is important for business leaders to be proactive in managing these modern business risks. Fraudsters and those who steal information are evolving their methods every day. Depend on the experts to help you stay one step ahead.

Lets Talk!

If you have any further questions or interest in implementing compliance solutions, please contact us.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.

MEET THE CEO

Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (www.crigroup.com), a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

Filed under: Business Intelligence, Investigative Solution, Resources by admin
No Comments »